In exemplary embodiments of the present invention, special metadata is added to link monitoring protocol messages exchanged by pairs of adjacent nodes to allow such nodes to detect communication link failures and determine whether the failure affects an incoming communication link or an outgoing communication link. The link monitoring protocol messages may be augmented BFD messages.
|
13. A method of link status monitoring by a target node in a communication system, the method comprising:
receiving, by the target node from a source node, a forward link monitoring protocol message having a metadata portion including a distinct forward sequence number;
formatting, by the target node, a return link monitoring protocol message having a metadata portion including the distinct forward sequence number and a distinct return sequence number; and
transmitting the return link monitoring protocol message by the target node to the source node.
4. A method of link status monitoring by a source node in a communication system, the source node in communication with a target node, the method comprising:
transmitting, by a source node destined for the target node, a series of distinct forward link monitoring protocol messages, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number;
receiving, by the source node from the target node, a series of return link monitoring protocol messages, each return link monitoring protocol message responsive to a distinct forward link monitoring protocol message and having a metadata portion including a forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number;
determining, by the source node, if a communication problem occurred based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and
when the source node determines that a communication problem occurred, determining, by the source node, whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages.
10. A computer program product comprising a tangible, non-transitory computer readable medium having embodied therein a computer program that, when run on at least one computer processor, implements a packet router for a source node, the packet router implementing a link status monitoring method comprising:
transmitting, by the packet router, a series of distinct forward link monitoring protocol messages, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number;
receiving, by the packet router, a series of return link monitoring protocol messages, each return link monitoring protocol message responsive to a distinct forward link monitoring protocol message and having a metadata portion including a forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number;
determining, by the packet router, if a communication problem occurred based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and
when the packet router determines that a communication problem occurred, determining, by the packet router, whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages.
7. A source node for use with a target node, the source node comprising:
a memory for storing routing information;
a plurality of communication interfaces; and
a packet router configured to implement a link status monitoring method comprising:
transmitting, by the packet router over a first communication interface according to the stored routing information, a series of distinct forward link monitoring protocol messages destined for the target node, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number;
receiving, by the packet router from the target node over a second communication interface, a series of return link monitoring protocol messages, each return link monitoring protocol message responsive to a distinct forward link monitoring protocol message and having a metadata portion including a forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number;
determining, by the packet router, if a communication problem occurred based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and
when the packet router determines that a communication problem occurred, determining, by the packet router, whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages.
19. A computer program product comprising a tangible, non-transitory computer readable medium having embodied therein a computer program that, when run on at least one computer processor, implements a packet router for a target node that is used with a source node configured to transmit a series of distinct forward link monitoring protocol messages to the target node, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number, the packet router implementing a link status monitoring method comprising:
receiving, by the packet router from the source node, at least one of the forward link monitoring protocol messages from the source node, each received forward link monitoring protocol message having a metadata portion including a distinct forward sequence number; and
for each received forward link monitoring protocol message:
(a) formatting, by the packet router, a return link monitoring protocol message having a metadata portion including the distinct forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number; and
(b) transmitting the return link monitoring protocol message by the packet router destined for the source node, wherein the return link monitoring protocol messages enable the source node to determine if a communication problem occurred based on the forward and reverse sequence numbers in return link monitoring protocol messages received from the target node, and when the source node determines that a communication problem occurred, further enable the source node to determine whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the received return link monitoring protocol messages.
16. A target node for use with a source node configured to transmit a series of distinct forward link monitoring protocol messages to the target node, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number, the target node comprising:
a memory for storing routing information;
a plurality of communication interfaces; and
a packet router configured to implement a link status monitoring method comprising:
receiving, by the packet router from the source node over a first communication interface, at least one of the forward link monitoring protocol messages from the source node, each received forward link monitoring protocol message having a metadata portion including a distinct forward sequence number; and
for each received forward link monitoring protocol message:
(a) formatting, by the packet router, a return link monitoring protocol message having a metadata portion including the distinct forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number; and
(b) transmitting the return link monitoring protocol message by the packet router destined for the source node over a second communication interface according to the stored routing information, wherein the return link monitoring protocol messages enable the source node to determine if a communication problem occurred based on the forward and reverse sequence numbers in return link monitoring protocol messages received from the target node, and when the source node determines that a communication problem occurred, further enable the source node to determine whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the received return link monitoring protocol messages.
1. A system comprising:
a source node comprising a first plurality of communication interfaces, a first memory storing first routing information, and a first packet router; and
a target node comprising a second plurality of communication interfaces, a second memory storing second routing information, and a second packet router,
wherein the source node is configured to transmit a series of distinct forward link monitoring protocol messages destined for the target node over a first communication interface of the source node according to the stored first routing information, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number; receive a series of return link monitoring protocol messages from the target node over a second communication interface of the source node, each return link monitoring protocol message responsive to a distinct forward link monitoring protocol message and having a metadata portion including a forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number; determine if a communication problem occurred based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and when the source node determines that a communication problem occurred, determine whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and
wherein the target node is configured to receive a forward link monitoring protocol message including a distinct forward sequence number over a first communication interface of the target node, format a return link monitoring protocol message including the distinct forward sequence number and a distinct return sequence number, and transmit the return link monitoring protocol message destined for the source node over a second communication interface of the target node according to the stored second routing information.
2. A system according to
3. A system according to
5. A method according to
6. A method according to
8. A source node according to
9. A source node according to
11. A computer program product according to
12. A computer program product according to
14. A method according to
15. A method according to
17. A target node according to
18. A target node according to
20. A computer program product according to
21. A computer program product according to
|
This patent application is related to U.S. patent application Ser. No. 14/497,954 filed Sep. 26, 2014, entitled, “NETWORK PACKET FLOW CONTROLLER,” and naming MeLampy, Baj, Kaplan, Kumar, Penfield, and Timmons as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application also is related to U.S. patent application Ser. No. 14/562,917, filed Dec. 8, 2014, entitled, “STATEFUL LOAD BALANCING IN A STATELESS NETWORK,” and naming Timmons, Baj, Kaplan, MeLampy, Kumar, and Penfield as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application also is related to U.S. patent application Ser. No. 14/715,036, filed May 18, 2015, entitled, “NETWORK DEVICE AND METHOD FOR PROCESSING A SESSION USING A PACKET SIGNATURE,” and naming Kumar, Timmons, and MeLampy as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application also is related to U.S. patent application Ser. No. 14/963,999, filed Dec. 9, 2015, entitled, “ROUTER WITH OPTIMIZED STATISTICAL FUNCTIONALITY,” and naming Gosselin, Yungelson, Baj, and MeLampy as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application also is related to U.S. patent application Ser. No. 14/833,571, filed Aug. 24, 2015, entitled, “NETWORK PACKET FLOW CONTROLLER WITH EXTENDED SESSION MANAGEMENT,” and naming Kaplan, Kumar, Timmons, and MeLampy as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application also is related to U.S. patent application Ser. No. 15/054,781, filed Feb. 26, 2016, entitled, “NAME-BASED ROUTING SYSTEM AND METHOD,” and naming MeLampy, Baj, Kumar, Penfield, and Timmons as inventors, the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application is also related to U.S. patent application Ser. No. 15/168,712, filed on even date herewith, entitled “DETECTING SOURCE NETWORK ADDRESS TRANSLATION IN A COMMUNICATION SYSTEM,” the disclosure of which is incorporated herein, in its entirety, by reference.
This patent application is also related to U.S. patent application Ser. No. 15/169,003, filed on even date herewith, entitled “REVERSE FORWARDING INFORMATION BASE ENFORCEMENT,” the disclosure of which is incorporated herein, in its entirety, by reference.
The present invention relates to data routing and, more particularly, to packet loss detection and network diagnostics in a communication system.
The Internet Protocol (“IP”) serves as the de-facto standard for forwarding data messages (“datagrams”) between network devices connected with the Internet. To that end, IP delivers datagrams across a series of Internet devices, such as routers and switches, in the form of one or more data packets. Each packet has two principal parts: (1) a payload with the information being conveyed (e.g., text, graphic, audio, or video data), and (2) a header, known as an “IP header,” having the address of the network device to receive the packet(s) (the “destination device”), the identity of the network device that sent the packet (the “originating device”), and other data for routing the packet.
Many people thus analogize packets to a traditional letter using first class mail, where the letter functions as the payload, and the envelope, with its return and mailing addresses, functions as the IP header.
Current Internet devices forward packets one-by-one based essentially on the address of the destination device in the packet header in accordance with an Internet routing protocol such as BGP, OSPFv2, IS-IS, etc. Among other benefits, this routing scheme enables network devices to forward different packets of a single datagram along different routes to reduce network congestion, or avoid malfunctioning network devices.
Those skilled in the art thus refer to IP as a “stateless” protocol because, among other reasons, it does not save packet path data, and does not pre-arrange transmission of packets between end points.
Current Internet routing protocols generally cannot route packets from an element in one private network to an element in another private network because the IP address spaces used for elements in those private networks often overlap. These are often referred to as “unroutable” addresses, which are not useful on the public Internet. Therefore, Network Address Translation (NAT) is often used to convert between local addresses used for routing within the private networks and public Internet addresses used for routing over the public Internet. The public Internet address is used to route packets between the private networks. Within each private network, other information in the packet is used to determine the local address used to route the packet to the destination entity within the destination private network.
Over the past decade, network challenges have evolved from bandwidth and broadband availability to security and mobility. Cloud has emerged as a primary service delivery architecture that achieves economies of scale unheard of in the past. Cloud embraces sharing of resources, including computing and storage. This has created a huge number of new requirements unmet by today's IP routing models, such as:
To meet these requirements, current architectures require middleboxes (e.g., firewalls, DPI devices, load balancers) mixed with overlay networking (e.g., VLANs, nested VLANs, VxLANs, MPLS, Cisco ACI, VMware NSX, Midonet) and orchestration (e.g., OpenStack, service function chaining).
In accordance with one embodiment, a system comprises a source node and a target node. The source node is configured to transmit a series of distinct forward link monitoring protocol messages to the target node, each distinct forward link monitoring protocol message having a metadata portion including a distinct forward sequence number; receive a series of return link monitoring protocol messages from the target node, each return link monitoring protocol message responsive to a distinct forward link monitoring protocol message and having a metadata portion including a forward sequence number from the received forward link monitoring protocol message and a distinct return sequence number; determine if a communication problem occurred based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages; and when the source node determines that a communication problem occurred, determine whether the communication problem is associated with an outgoing communication link to the target node or an incoming communication link from the target node based on the forward and reverse sequence numbers in the series of received return link monitoring protocol messages. The target node is configured to receive a forward link monitoring protocol message including a distinct forward sequence number, format a return link monitoring protocol message including the distinct forward sequence number and a distinct return sequence number, and transmit the return link monitoring protocol message destined for the source node.
In various alternative embodiments, the forward and return link monitoring protocol messages may be augmented BFD messages. The source node may increment the forward sequence number for each forward link monitoring protocol message it transmits, and the target node may increment the return sequence number for each return link monitoring protocol message it transmits
Alternative embodiments include the source node and the target node as well as related methods and computer program products.
Additional embodiments may be disclosed and claimed.
Those skilled in the art should more fully appreciate advantages of various embodiments of the invention from the following “Description of Illustrative Embodiments,” discussed with reference to the drawings summarized immediately below.
It is common for certain nodes in a communication system (e.g., routers in an Internet Protocol network) to run a link monitoring protocol to monitor communication links to and from adjacent nodes. In exemplary embodiments of the present invention, special metadata is added to link monitoring protocol messages exchanged by pairs of adjacent nodes to allow such nodes to detect communication link failures and determine whether the failure affects an incoming communication link or an outgoing communication link. In certain exemplary embodiments, the true source information can be used in the context of “stateful” routing as discussed below. Various exemplary embodiments are described herein with reference to use of the Bidirectional Forwarding Detection (BFD) protocol described in IETF RFC 5880, which is hereby incorporated herein by reference in its entirety, although it should be noted that the invention is not limited to the use of the BFD protocol; special metadata of the type described herein could be used in conjunction with other types of protocol messages (e.g., “Hello” messages, “Ping” messages, “Keep-Alive” messages, certain routing protocol messages, etc.) for such communication link monitoring.
Networks
Illustrative embodiments preferably are implemented within an otherwise conventional computer network that uses common networking devices and protocols. Among other things, a network includes at least two nodes and at least one communication link between the nodes. Nodes can include computing devices (sometimes referred to as hosts or devices) and routers. Computers can include personal computers, smart phones, television “cable boxes,” automatic teller machines (ATMs) and many other types of equipment that include processors and network interfaces. Links can include wired and wireless connections between pairs of nodes. In addition, nodes and/or links may be implemented completely in software, such as in a virtual machine, a software defined network, and using network function virtualization. Many networks include switches, which are largely transparent for purposes of this discussion. However, some switches also perform routing functions. For the present discussion, such routing switches are considered routers. Routers are described below.
A node can be directly connected to one or more other nodes, each via a distinct communication link. For example,
Nodes can initiate communications with other nodes via the network, and nodes can receive communications initiated by other nodes via the network. For example, a node may transmit/forward/send data (a message) to a directly connected (adjacent) node by sending the message via the link that interconnects the adjacent nodes. The message includes the network address of a sending node (the “source address”) and the network address of an intended receiving node (the “destination address”). A sending node can send a message to a non-adjacent node via one or more other intervening nodes. For example, Node D may send a message to Node F via Node B. Using well known networking protocols, the node(s) between the source and the destination forward the message until the message reaches its destination. Accordingly, to operate properly, network protocols enable nodes to learn or discover network addresses of non-adjacent nodes in their network.
Nodes communicate via networks according to protocols, such as the well-known Internet Protocol (IP) and Transmission Control Protocol (TCP). The protocols are typically implemented by layered software and/or hardware components, such as according to the well-known seven-layer Open System Interconnect (OSI) model. As an example, IP operates at OSI Layer 3 (Network Layer), while the TCP operates largely at OSI Layer 4 (Transport Layer). Another commonly used Transport Layer protocol is the User Datagram Protocol (UDP). Each layer performs a logical function and abstracts the layer below it, therefore hiding details of the lower layer. There are two commonly-used versions of IP, namely IP version 4 (“IPv4”) and IP version 6 (“IPv6”). IPv4 is described in IETF RFC 791, which is hereby incorporated herein by reference in its entirety. IPv6 is described in IETF RFC 2460, which is hereby incorporated herein by reference in its entirety. The main purpose of both versions is to provide unique global computer addressing to ensure that communicating devices can identify one another. One of the main distinctions between IPv4 and IPv6 is that IPv4 uses 32-bit source and destination IP addresses, whereas IPv6 utilizes 128-bit source and destination IP addresses. TCP is described generally in IETF RFC 793, which is hereby incorporated herein by reference in its entirety. UDP is described generally in IETF RFC 768, which is hereby incorporated herein by reference in its entirety.
For example, a Layer 3 message may be fragmented into smaller Layer 2 packets if Layer 2 (Data Link Layer) cannot handle the Layer 3 message as one transmission.
Some other protocols also fragment data into packets. For example, the well-known TCP protocol can fragment Layer 4 (Transport Layer) messages into segments, officially referred to as TCP protocol data units (PDUs), if Layer 3 (Network Layer) cannot handle the Layer 4 (Transport Layer) message as one transmission. Nevertheless, in common usage, the term packet is used to refer to PDUs and datagrams, as well as Ethernet frames.
Most protocols encapsulate packets of higher level protocols. For example, IP encapsulates a TCP packet by adding an IP header to the TCP packet to produce an IP packet. Thus, packets sent at a lower layer can be thought of as being made up of packets within packets. Conventionally, a component operating according to a protocol examines or modifies only information within a header and/or trailer that was created by another component, typically within another node, operating according to the same protocol. That is, conventionally, components operating according to a protocol do not examine or modify portions of packets created by other protocols.
In another example of abstraction provided by layered protocols, some layers translate addresses. Some layers include layer-specific addressing schemes. For example, each end of a link is connected to a node via a real (e.g., electronic) or virtual interface, such as an Ethernet interface. At Layer 2 (Data Link Layer), each interface has an address, such as a media access control (MAC) address. On the other hand, at Layer 3 using IP, each interface, or at least each node, has an IP address. Layer 3 converts IP addresses to MAC addresses.
As depicted schematically in
When a router receives a packet via one interface from one network, it uses information stored in its routing table (sometimes referred to as a “Forwarding Information Base” or “FIB”) to direct the packet to another network via another interface, e.g., based on the destination address in the packet, or based on a combination of information in the packet. The routing table thus contains network/next hop associations. These associations tell the router that a particular destination can optimally be reached by sending the packet to a specific router that represents a next hop on the way to the final destination. For example, if Router 1 300 receives a packet, via its Interface 1 304, from Network 1 302, and the packet is destined to a node in Network 3 306, the Router 1 300 consults its router table and then forwards the packet via its Interface 2 308 to Network 2 310. Network 2 310 will then forward the packet to Network 3 306. The next hop association can also be indicated in the routing table as an outgoing (exit) interface to the final destination.
Large organizations, such as large corporations, commercial data centers and telecommunications providers, often employ sets of routers in hierarchies to carry internal traffic. For example, one or more gateway routers may interconnect each organization's network to one or more Internet service providers (ISPs). ISPs also employ routers in hierarchies to carry traffic between their customers' gateways, to interconnect with other ISPs, and to interconnect with core routers in the Internet backbone.
A router is considered a Layer 3 device because its primary forwarding decision is based on the information in the Layer 3 IP packet—specifically the destination IP address. A conventional router does not look into the actual data contents (i.e., the encapsulated payload) that the packet carries. Instead, the router only looks at the Layer 3 addresses to make a forwarding decision, plus optionally other information in the header for hints, such as quality of service (QoS) requirements. Once a packet is forwarded, a conventional router does not retain historical information about the packet, although the forwarding action may be collected to generate statistical data if the router is so configured.
Accordingly, an IP network is considered to be “stateless” because, among other things, it does not maintain this historical information. For example, an IP network generally treats each IP packet as an independent transaction that is unrelated to any previous IP packet. A router thus may route a packet regardless of how it processed a prior packet. As such, an IP network typically does not store session information or the status of incoming communications partners. For example, if a part of the network becomes disabled mid-transaction, there is no need to reallocate resources or otherwise fix the state of the network. Instead, packets may be routed along other nodes in the network. Certain illustrative embodiments, however, may include routers that statefully communicate, as discussed herein.
As noted, when a router receives a packet via one interface from one network, the router uses its routing table to direct the packet to another network. The following is some of the types of information typically found in a basic IP routing table:
Destination: Partial IP address (Expressed as a bit-mask) or Complete IP address of a packet's final destination;
Next hop: IP address to which the packet should be forwarded on its way to the final destination;
Interface: Outgoing network interface to use to forward the packet;
Cost/Metric: Cost of this path, relative to costs of other possible paths;
Routes: Information about subnets, including how to reach subnets that are not directly attached to the router, via one or more hops; default routes to use for certain types of traffic or when information is lacking.
Routing tables may be filled in manually, such as by a system administrator, or dynamically by the router. Routers generally run routing protocols to exchange information with other routers and, thereby, dynamically learn about surrounding network or internet topology. For example, routers announce their presence in the network(s), more specifically, the range of IP addresses to which the routers can forward packets. Neighboring routers update their routing tables with this information and broadcast their ability to forward packets to the network(s) of the first router. This information eventually spreads to more distant routers in a network. Dynamic routing allows a router to respond to changes in a network or internet, such as increased network congestion, new routers joining an internet, and router or link failures.
Additionally, routers also may utilize the Bidirectional Forwarding Detection (BFD) protocol to monitor communication links to adjacent routers. The BFD protocol is described in IETF RFC 5880, which is hereby incorporated herein by reference in its entirety. In many cases, the BFD protocol can detect the failure of a communication link before the routing protocol detects the failure, so, in some situations, the BFD protocol can provide advanced warning to the router that a routing change is needed or is forthcoming.
A routing table therefore provides a set of rules for routing packets to their respective destinations. When a packet arrives, a router examines the packet's contents, such as its destination address, and finds the best matching rule in the routing table. The rule essentially tells the router which interface to use to forward the packet and the IP address of a node to which the packet is forwarded on its way to its final destination IP address.
With hop-by-hop routing, each routing table lists, for all reachable destinations, the address of the next node along a path to that destination, i.e., the next hop. Assuming that the routing tables are consistent, a simple algorithm of each router relaying packets to their destinations' respective next hop suffices to deliver packets anywhere in a network. Hop-by-hop is a fundamental characteristic of the IP Internetwork Layer and the OSI Network Layer.
Thus, each router's routing table typically merely contains information sufficient to forward a packet to another router that is “closer” to the packet's destination, without a guarantee of the packet ever being delivered to its destination. In a sense, a packet finds its way to its destination by visiting a series of routers and, at each router, using then-current rules to decide which router to visit next, with the hope that at least most packets ultimately reach their destinations.
Note that the rules may change between two successive hops of a packet or between two successive packets of a message, such as if a router becomes congested or a link fails. Two packets of a message may, therefore, follow different paths and even arrive out of order. In other words, when a packet is sent by a source or originating node, as a stateless network, there is no predetermined path the packet will take between the source node and the packet's destination. Instead, the path typically is dynamically determined as the packet traverses the various routers. This may be referred to as “natural routing,” i.e., a path is determined dynamically as the packet traverses the internet.
Although natural routing has performed well for many years, natural routing has shortcomings. For example, because each packet of a session may travel along a different path and traverse a different set of routers, it is difficult to collect metrics for the session. Security functions that may be applicable to packets of the session must be widely distributed or risk not being applied to all the packets. Furthermore, attacks on the session may be mounted from many places.
It should be noted that conventionally, packets sent by the destination node back to the source node may follow different paths than the packets from the source node to the destination node.
In many situations, a client computer node (“client”) establishes a session with a server computer node (“server”), and the client and server exchange packets within the session. For example, a client computer executing a browser may establish a session with a web server using a conventional process. The client may send one or more packets to request a web page, and the web server may respond with one or more packets containing contents of the web page. In some types of sessions, this back-and-forth exchange of packets may continue for several cycles. In some types of sessions, packets may be sent asynchronously between the two nodes. In some cases, this handshake may be performed to provide a secure session over the Internet using well known protocols such as the Secure Sockets Layer Protocol (“SSL”) or the Transport Layer Security Protocol (“TLS”).
A session has its conventional meaning; namely, it is a plurality of packets sent by one node to another node, where all the packets are related, according to a protocol. A session may be thought of as including a lead (or initial) packet that begins the session, and one or more subsequent packets of the session. A session has a definite beginning and a definite end. For example, a TCP session is initiated by a SYN packet. In some cases, the end may be defined by a prescribed packet or series of packets. For example, a TCP session may be ended with a FIN exchange or an RST. In other cases, the end may be defined by lack of communication between the nodes for at least a predetermined amount of time (a timeout time). For example, a TCP session may be ended after a defined timeout period. Some sessions include only packets sent from one node to the other node. Other sessions include response packets, as in the web client/server interaction example. A session may include any number of cycles of back-and-forth communication, or asynchronous communication, according to the protocol, but all packets of a session are exchanged between the same client/server pair of nodes. A session is also referred to herein as a series of packets.
A computer having a single IP address may provide several services, such as web services, e-mail services and file transfer (FTP) services. Each service is typically assigned a port number in the range 0-65,535 that is unique on the computer. A service is, therefore, defined by a combination of the node's IP address and the service's port number. Note that this combination is unique within the network the computer is connected to, and it is often unique within an internet. Similarly, a single node may execute many clients. Therefore, a client that makes a request to a service is assigned a unique port number on the client's node, so return packets from the service can be uniquely addressed to the client that made the request.
The term socket means an IP address-port number combination. Thus, each service has a network-unique, and often internet-unique, service socket, and a client making a request of a service is assigned a network-unique, and sometimes internet-unique, client socket. In places, the terms source client and destination service are used when referring to a client that sends packets to make requests of a service and the service being requested, respectively.
Router Architecture
In certain exemplary embodiments (but not necessarily all embodiments), one or more routers may be configured, architecturally, such that the packet router includes two processing pathways or planes, namely a “forwarding path” and a “service path.”
Among other things, the router 400 includes a number of interfaces (two are shown in
The router 400 also has a forwarding path 424 that forwards packets through the router 400 from the input interface 420 to the output interface 422. Specifically, as known by those skilled in the art, the forwarding path 424 (also known as a “fast path,” “forwarding plane,” “critical path,” or “data plane”) contains the logic for determining how to handle and forward inbound packets received at the input interface 420. Among other things, the forwarding path 424 may include the prior noted routing table (identified in
As known by those in the art, the forwarding path 424 may be considered to have a dynamically varying line rate of forwarding packets from the input interface 420 to the output interface 422. Indeed, this line rate is a function of the processing power of the processors 428 within the forwarding path 424, its routing algorithms, and the volume of packets it is forwarding. As noted below, some embodiments may configure the forwarding path 424 to have a minimum line rate that the forwarding path 424 should maintain.
The router 400 also has a service path 434 that is separate from the forwarding path 424. The service path 434 has logic/processing devices 428 configured to perform various processing functions. Among other things, the service path 434 typically runs one or more routing protocols and optionally also the BFD protocol in order to obtain routing and link status information, which it may store in a database 436 within a persistent memory 438 (e.g., a flash drive or hard drive) that can be internal to the router 400 as shown in
The router 400 may have a shared memory 432 (e.g., RAM) and/or other shared router components 440 that permit the forwarding path 424 and the service path 434 to share information and in some embodiments also to communicate directly or indirectly with one another. For example, as discussed above, the forwarding path 424 may redirect packets to the service path 434 for processing, and the service path may generate packets to be forwarded by the forwarding path 424. Also, the forwarding path 424 may have one or more counters 430 that gather statistical information about packets traversing through the forwarding path 424, and these counters 430 may be stored in the shared memory 432 to allow the service path 434 to access the counters 430 for processing and optional storage in a database 436 within a persistent memory 438 (e.g., a flash drive or hard drive) that can be internal to the router 400 as shown in
Typically, the service path 434 is responsible for managing the routing table 426 (e.g., via a shared memory 432 or via direct or indirect communication) to set up routing information (sometimes referred to herein as “flows”) to be used by the forwarding path 424. The routing table 426 may be stored in the shared memory 432 so that it can be accessed as needed by both the forwarding path 424 and the service path 434. Based on information obtained from a routing protocol and/or other protocols, the service path 424 may determine routes and update the routing table 426 with such routes.
Routing Flows
Certain exemplary embodiments are described herein with reference to a construct referred to as a “flow.” Generally speaking, a flow is a descriptor used internally by the router (e.g., by the forwarding path 424 of certain routers) to process and forward a particular set of packets (e.g., packets having a certain destination address or range of destination addresses, or packets associated with a particular “session” as discussed below with reference to “stateful” routing). In certain exemplary embodiments, a flow is associated with an ingress port on which such packets are expected to be received and an egress port over which such packets are to be forwarded. A flow typically also defines the type(s) of processing to be performed on such packets (e.g., decompress packets, decrypt packets, enqueue packets for forwarding, etc.). When a packet arrives at an interface of a router, the router attempts to find a flow that is associated with the packet (e.g., based on the destination address of the packet, or based on a session with which the packet is associated as discussed below). Generally speaking, if the router locates an active flow for the packet, then the router processes the packet based on the flow, but if the router cannot locate an active flow for the packet, then the router processes the packet (e.g., by the service path 434 of certain routers).
In certain exemplary embodiments, each flow is associated with an “action chain” established for the flow. Each action chain includes a series of functional blocks, with each functional block having a specific function associated with routing packets associated with the session/flow (e.g., decompress packets, decrypt packets, enqueue packets for forwarding, etc.). The action chains associated with different sessions/flows can have different functional blocks depending on the type of processing needed for the session/flow. In routers of the type shown and described with reference to
In certain exemplary embodiments, each action chain has a leading “chain descriptor” that includes two fields:
1. A pointer field containing a pointer to the first functional block in the action chain, and
2. A “valid” field (e.g., one or more bits) that is used to indicate whether the action chain is valid or invalid. Typically, one particular value of the valid field is used to indicate that the action chain is valid and can be used, while another value of the valid field is used to indicate that the action chain is invalid/deactivated.
Stateful Routing
In certain exemplary embodiments, at least some of the routers in the communication system are specially configured to perform “stateful” routing on packets associated with a given session between a source node and destination node, as discussed herein. For convenience, such routers are referred to above and below as Augmented IP Routers (AIPRs) or waypoint routers. AIPRs and stateful routing also are discussed in related incorporated patent applications, which are incorporated by reference above. For convenience, packets being routed from the source node toward the destination node may be referred to herein as “forward” packets or the “forward” direction or path, and packets being routed from the destination node toward the source node may be referred to herein as “reverse” or “backward” or “return” packets or the “reverse” or “backward” or “reverse” direction or path.
Generally speaking, stateful routing is a way to ensure that subsequent packets of a session follow the same path as the lead packet of the session through a particular set of AIPRs in the forward and/or reverse direction. The lead packet of the session may pass through one or more AIPRs, either due to traditional routing, or by having each successive AIPR through which the lead packet passes expressly select a next hop AIPR if possible.
The AIPRs through which the lead packet passes insert special metadata into the lead packet and optionally also into return packets as needed to allow each AIPR on the path to determine whether there is a prior AIPR on the path and whether there is a next hop AIPR on the path. In order to force session packets to traverse the same set of AIPRs, each successive AIPR typically changes the destination address field in each session packet to be the address of the next hop AIPR and changes the source address field in each session packet to be its own network address. The last AIPR prior to the destination node then typically will change the source and destination address fields back to the original source and destination addresses used by the source node. In this way, session packets can be forwarded, hop by hop, from the source node through the set of AIPRs to the destination node, and vice versa.
Certain aspects of one exemplary stateful routing embodiment are now described with reference to
In this example, each AIPR is presumed to have a priori knowledge of the other AIPRs in the network in relation to the network/next hop associations contained in its routing information base, such that, for example, a particular AIPR knows not only the outgoing interface for a particular destination network address, but also the next waypoint AIPR (if any) to use for that destination network address. In this example, the nodes communicate using TCP/IP-based messages, and the metadata inserted into the lead packet may be conveyed, for example, as a TCP Option field or added to the TCP packet as payload data. In various alternative embodiments, the nodes may communicate using other protocols, and the method in which the metadata is conveyed in the lead packet would be protocol-specific.
As noted above, in stateful routing, all forward packets associated with a particular session are made to follow the same path through a given set of AIPRs on their way from the source client node 726 to the destination service node 728. In a similar manner, all return packets associated with the session typically, but not necessarily, are made to traverse the same set of AIPRs in reverse order on their way from the destination service node 728 to the source client node 726 (which may be referred herein to as “bi-flow”).
Assume the source client node 726 initiates a session with the destination service node 728. For example, the source client node 726 may request a web page, and the destination service node 728 may include a web server. The source client node 726 may, for example, be part of a first local area network (LAN) (not shown) within a first corporation, and the LAN may be connected to the telecommunications carrier network 700 via a gateway router 730 operated by the corporation. Similarly, the destination service node 728 may be operated by a second corporation, and it may be part of a second LAN (not shown) coupled to the network 706 of the second ISP via a gateway router 732 operated by the second corporation.
To establish a communication session between the source client node 726 and the destination service node 728, the source client node 726 typically transmits a lead packet for the session, which generally initiates a communication exchange between the source client node 726 and the destination service node 728. This allows subsequent session-related packets to be exchanged by the two nodes. The type of lead packet will depend on the protocol(s) being used by the source and destination nodes. For the example used herein, TCP/IP-based communications are assumed, in which case the lead packet may include a TCP SYN message carried in an IP datagram. This lead packet typically will include a source address equal to the IP address of the source client node 726 (i.e., 1.1.1.1), a destination address equal to the IP address of the destination service node 728 (i.e., 5.5.5.5), and various types of Transport Layer information including a source port number, a destination port number, and a protocol identifier. For convenience, the combination of source address, source port number, destination address, destination port number, and protocol identifier in a packet is referred to hereinafter collectively as a “5-tuple” and is used in various exemplary embodiments as a session identifier for “stateful” routing, as discussed below.
The lead packet 801 may be routed naturally and therefore, depending on various factors, the lead packet may or may not reach an AIPR on its way from the source node to the destination node. Thus, waypoints are not necessarily predetermined before the lead packet is transmitted by the source node. However, in some exemplary embodiments, a particular AIPR (e.g., AIPR 1 708 in
Assume the lead packet 801 reaches AIPR 1 708 before it reaches network 702, 704 or 706. AIPR 1 708 automatically identifies the lead packet as being an initial packet of a new session (in this example, referred to as “Session X”). AIPR 1 708 may use various techniques to identify the beginning of a session, as discussed in more detail below. For example, for a TCP/IP-based session, AIPR 1 708 may identify the beginning of the session based on the 5-tuple of information in the lead packet. AIPR 1 708 also determines that the lead packet 801 is not a modified lead packet containing session metadata. Therefore, AIPR 1 708 determines that it is the first waypoint AIPR for Session X and stores an indicator so that it will process subsequent packets associated with the session as the first waypoint AIPR. This is represented in
AIPR 1 708 stores 5-tuple information from the received lead packet 801 as the Return Association (RA) for Session X. This is represented in
To forward a modified lead packet (i.e., Modified Lead Packet 802) over an outgoing interface, AIPR 1 708 accesses its routing information base to look up routing information based on the original destination address of 5.5.5.5 (e.g., outgoing interface and next node information). In this example, AIPR 1 708 identifies AIPR 2 714 as the next waypoint AIPR based on the original destination address of 5.5.5.5. In certain exemplary embodiments, AIPR 1 708 then assigns a source port number and a destination port number for outgoing packets associated with the session to permit more than 65,535 sessions to be supported concurrently (in this example, source port number 30 and destination port number 40) and stores the resulting 5-tuple as the Forward Association (FA) for outgoing packets associated with the session. This is shown in
To force the lead packet to reach next waypoint AIPR 2 714 (as opposed to being randomly routed by the routers in the network), AIPR 1 708 modifies the destination address in the lead packet to the IP address of AIPR 2 714 (i.e., 3.3.3.3). In this example, AIPR 1 708 also modifies the source address in the lead packet to its own IP address (i.e., 2.2.2.2) so that AIPR 2 714 can route return packets back to AIPR 1 708. Also in this example, AIPR 1 708 modifies the source port and destination port fields to the assigned values. Importantly, AIPR 1 708 also modifies the lead packet to include a section of metadata including the original source address, destination address, source port, destination port, and protocol identifier from the original lead packet 801. As discussed below, this metadata is propagated to each successive AIPR on the path to allow each AIPR to maintain session information and also to allow the final AIPR on the path to restore the lead packet to its original form. AIPR 1 708 establishes and maintains various session parameters so that it can identify subsequent session packets and forward such session packets to AIPR 2 714 for stateful routing. AIPR 1 708 then transmits the modified lead packet 802 into the network toward AIPR 2 714 via the selected outgoing interface. In certain exemplary embodiments, AIPR 1 708 may establish a flow that associates the session with the incoming interface over which the lead packet 801 was received and the outgoing interface over which the modified lead packet 802 is forwarded.
In this example, AIPR 1 708 forwards the modified lead packet 802 to AIPR 2 714 via router 710. The modified lead packet 802 packet may traverse other routers between AIPR 1 708 and AIPR 2 714. Because the destination address in the modified lead packet 802 is set to the IP address of AIPR 2 714 (i.e., 3.3.3.3), the modified lead packet should eventually reach AIPR 2 714.
AIPR 2 714 automatically identifies the modified lead packet 802 as being an initial packet of the session, but also identifies that AIPR 2 714 is not the first waypoint for the session because the modified lead packet already contains metadata inserted by AIPR 1 708. AIPR 2 714 therefore becomes the second waypoint along the path the lead packet eventually follows.
AIPR 2 714 stores 5-tuple information from the received modified lead packet 802 as the Return Association (RA) for Session X. This is represented in
To forward a modified lead packet (i.e., Modified Lead Packet 803) over an outgoing interface, AIPR 2 714 accesses its routing information base to look up routing information based on the original destination address of 5.5.5.5 (e.g., outgoing interface and next node information). In this example, AIPR 2 714 identifies two possible next hop AIPRs for the lead packet to reach destination service node 728, namely AIPR 3 718 and AIPR 4 722. Assume AIPR 2 714 selects AIPR 4 722 as the next hop AIPR for the path. AIPR 2 714 therefore determines that it is an intermediate waypoint AIPR for the session, i.e., it is neither the first waypoint AIPR nor the last waypoint AIPR. AIPR 2 714 stores an indicator so that it will process subsequent packets associated with the session as an intermediate waypoint AIPR. This is represented in
To force the modified lead packet 803 to reach AIPR 4 722 (as opposed to being randomly routed by the routers in the network), AIPR 2 714 modifies the destination address in the lead packet to the IP address of AIPR 4 722 (i.e., 4.4.4.4). In this example, AIPR 2 714 also modifies the source address in the lead packet to its own IP address (i.e., 3.3.3.3) so that AIPR 4 722 can route return packets back to AIPR 2 714. Also in this example, AIPR 2 714 modifies the source port and destination port fields to the assigned values. Importantly, AIPR 2 714 leaves the section of metadata including the original source address, destination address, source port, destination port, and protocol identifier. AIPR 2 714 establishes and maintains various session parameters so that it can identify subsequent session packets and forward such session packets to AIPR 4 722 for stateful routing. AIPR 2 714 then transmits the modified lead packet 803 into the network toward AIPR 4 722 via the selected outgoing interface. In certain exemplary embodiments, AIPR 2 714 may establish a flow that associates the session with the incoming interface over which the modified lead packet 802 was received and the outgoing interface over which the modified lead packet 803 is forwarded.
In this example, AIPR 2 714 forwards the modified lead packet 803 to AIPR 4 722 via router 720. The modified lead packet 803 may traverse other routers between AIPR 2 714 and AIPR 4 722. Because the destination address in the modified lead packet 803 is set to the IP address of AIPR 4 722 (i.e., 4.4.4.4), the modified lead packet should eventually reach AIPR 4 722.
AIPR 4 722 automatically identifies the modified lead packet as being an initial packet of the session, but also identifies that AIPR 4 722 is not the first waypoint for the session because the modified lead packet already contains metadata inserted by AIPR 2 714. AIPR 4 722 therefore becomes the third waypoint along the path the lead packet eventually follows.
AIPR 4 722 stores 5-tuple information from the received modified lead packet 803 as the Return Association (RA) for Session X. This is represented in
To forward a modified lead packet (i.e., Modified Lead Packet 804) over an outgoing interface, AIPR 4 722 accesses its routing information base to look up routing information based on the original destination address of 5.5.5.5 (e.g., outgoing interface and next node information). AIPR 4 722 determines that there is no next hop AIPR for the lead packet to reach destination service node 728. AIPR 4 722 therefore determines that it is the last waypoint AIPR on the path. AIPR 4 722 stores an indicator so that it will process subsequent packets associated with the session as a final waypoint AIPR. This is represented in
As the last waypoint AIPR, AIPR 4 722 performs special processing on the lead packet. Specifically, AIPR 4 722 removes the metadata section from the lead packet and restores the source address, destination address, source port, destination port, and protocol identifier fields in the lead packet back to the original values transmitted by source client node 726, which it obtains from the metadata in modified lead packet 803. AIPR 4 722 establishes and maintains various session parameters so that it can identify subsequent session packets and forward such session packets to destination service node 728 for stateful routing. AIPR 4 722 then transmits the restored lead packet 804 into the network toward destination service node 728 via the selected outgoing interface. In certain exemplary embodiments, AIPR 4 722 may establish a flow that associates the session with the incoming interface over which the lead packet 803 was received and the outgoing interface over which the restored lead packet 804 is forwarded.
In this example, AIPR 4 722 forwards the restored lead packet 804 to destination service node 728 via routers 724 and 732. The restored lead packet 804 may traverse other routers between AIPR 4 722 and destination service node 728. Because the destination address in the restored lead packet 804 is set to the IP address of destination service node 728 (i.e., 5.5.5.5), the restored lead packet should eventually reach destination service node 728.
Thus, as a lead packet of the session traverses the internet when the session is established, each AIPR (waypoint) that the packet traverses records information that eventually enables the waypoint to be able to identify its immediately previous waypoint and its immediately next waypoint, with respect to the session.
It should be noted that each node can store information for multiple sessions. For example,
After the lead packet has been processed and the session-related information has been established by the waypoint AIPRs hop-by-hop from the source client node 726 to the destination service node 728, additional session packets may be exchanged between the source client node 726 and the destination service node 728 to establish an end-to-end communication session between the source client node 726 and the destination service node 728.
Based on the 5-tuple information contained in the received session packet 1201 and the Return Association stored in memory by AIPR 1 708, AIPR 1 708 is able to determine that the received session packet 1201 is associated with Session X. AIPR 1 708 forwards the packet according to the Forward Association information associated with Session X as shown in
Since the forwarded session packet 1202 has a destination address of 3.3.3.3 (i.e., the network address of AIPR 2 714), the session packet 1202 is routed to AIPR 2 714. Based on the 5-tuple information contained in the received session packet 1202 and the Return Association stored in memory by AIPR 2 714, AIPR 2 714 is able to determine that the received session packet 1202 is associated with Session X. AIPR 2 714 forwards the packet according to the Forward Association information associated with Session X as shown in
Since the forwarded session packet 1203 has a destination address of 4.4.4.4 (i.e., the network address of AIPR 4 722), the session packet 1203 is routed to AIPR 4 722. Based on the 5-tuple information contained in the received session packet 1203 and the Return Association stored in memory by AIPR 4 722, AIPR 4 722 is able to determine that the received session packet 1203 is associated with Session X. AIPR 4 722 forwards the packet according to the Forward Association information associated with Session X as shown in
Since the forwarded session packet 1204 has a destination address of 5.5.5.5 (i.e., the network address of destination service node 728), the forwarded session packet 1204 is routed to the destination service node 728, which processes the packet.
Here, the destination service node 728 sends a return packet 1301 having a source address (SA) of 5.5.5.5; a source port number of 20 (i.e., the original DP); a destination address of 1.1.1.1 (i.e., the original source address); a destination port number of 10 (i.e., the original SP); and a protocol identifier of 100. In this example, AIPR 4 722 is the default router/gateway for destination 5.5.5.5, so the return packet 1301 is routed by the network to AIPR 4 722.
Based on the 5-tuple information contained in the received return packet 1301 and the Forward Association stored in memory by AIPR 4 722, AIPR 4 722 is able to determine that the received return packet 1301 is associated with Session X. AIPR 4 722 forwards the packet according to the Return Association information associated with Session X as shown in
Since the forwarded return packet 1302 has a destination address of 3.3.3.3 (i.e., the network address of AIPR 2 714), the return packet 1302 is routed to AIPR 2 714. Based on the 5-tuple information contained in the received return packet 1302 and the Forward Association stored in memory by AIPR 2 714, AIPR 2 714 is able to determine that the received return packet 1302 is associated with Session X. AIPR 2 714 forwards the packet according to the Return Association information associated with Session X as shown in
Since the forwarded return packet 1303 has a destination address of 2.2.2.2 (i.e., the network address of AIPR 1 708), the return packet 1303 is routed to AIPR 1 708. Based on the 5-tuple information contained in the received return packet 1303 and the Forward Association stored in memory by AIPR 1 708, AIPR 1 708 is able to determine that the received return packet 1303 is associated with Session X. AIPR 1 708 forwards the packet according to the Return Association information associated with Session X as shown in
Since the forwarded return packet 1304 has a destination address of 1.1.1.1 (i.e., the network address of source client node 726), the forwarded return packet 1304 is routed to the source client node 726, which processes the packet.
It should be noted that an AIPR can assign source and destination port numbers in any of a variety of ways (e.g., sequentially, non-sequentially, randomly).
In block 1402, an intermediate AIPR obtains the lead packet of a session. In block 1404, the AIPR stores 5-tuple information from the received packet as Return Association information for the session.
In block 1405, the AIPR determines the next waypoint AIPR based on the original destination address. This typically involves accessing the AIPR's routing information base from which the AIPR can determine the outgoing port and next waypoint AIPR (if any) for the original destination address.
In block 1406, the AIPR assigns a session source port number and a session destination port number.
In block 1407, the AIPR stores 5-tuple information for a Forward Association. The Forward Association includes the AIPR's network address as the source address, the next node address as the destination address, the assigned session source and destination port numbers, and the original protocol identifier.
In block 1408, the AIPR creates a modified lead packet including the AIPR network address as the source address, the next node address as the destination address, the assigned session source and destination port numbers, and the original protocol identifier, and also including the original source and destination addresses and the original source and destination port numbers as metadata. In block 1410, the AIPR forwards the modified lead packet.
It should be noted that the flowchart of
Stateful routing can be accomplished without presuming that each AIPR has a priori knowledge of the other AIPRs in the network in relation to the network/next hop associations contained in its routing information base. For example, a particular AIPR may not know the next waypoint AIPR (if any) to use for the destination network address. Rather, each waypoint AIPR can determine the presence or absence of a next waypoint AIPR after forwarding a modified lead packet.
By way of example with reference to
Since AIPR 1 708 is the first waypoint AIPR, AIPR 1 708 is able to determine that future session-related packets received from the source client node 726 will have a source address (SA) of 1.1.1.1; a source port number of 10; a destination address of 5.5.5.5; a destination port number of 20; and a protocol identifier of 100.
To forward a modified lead packet, AIPR 1 708 does not know whether or not there is a next hop AIPR through which the modified lead packet will traverse. Therefore, rather than changing both the source address field and the destination address field in the lead packet, AIPR 1 708 may change just the source address field to be the network address of AIPR 1 708 (i.e., 2.2.2.2) and may insert any assigned source and destination port numbers as metadata rather than inserting the assigned source and destination port numbers in the source and destination port number fields of the modified lead packet and carrying the original source and destination port numbers as metadata as in the exemplary embodiment discussed above. Thus, for example, the modified lead packet transmitted by AIPR 1 708 may include the following information:
SA
2.2.2.2
SP
10
DA
5.5.5.5
DP
20
PR
100
SSP
30 (session source port number assigned by AIPR 1 708)
SDP
40 (session destination port number assigned by AIPR 1 708)
In this way, the modified lead packet transmitted by AIPR 1 708 will be routed based on the destination address of 5.5.5.5 and therefore may or may not traverse another AIPR on its way to destination service node 728. At this point, AIPR 1 708 does not know the destination address that will be used for session-related packets forwarded over an outgoing interface (since AIPR 1 708 does not determine until later whether or not it is the final waypoint AIPR between the source client node 726 and the destination service node 728).
Assume that the modified lead packet transmitted by AIPR 1 708 reaches AIPR 2 714. AIPR 2 714 identifies the modified lead packet as a lead packet for a new session as discussed above, and also determines that the modified lead packet is a modified lead packet containing session metadata. Therefore, AIPR 2 714 determines that it is not the first waypoint AIPR for the session. At this time, AIPR 2 714 is unable to determine whether or not it is the final waypoint AIPR for the session. AIPR 2 714 stores information from the received modified lead packet, such as the source address, the source port number, the destination port number, and the protocol identifier.
Since AIPR 2 714 is not the first waypoint AIPR, AIPR 2 714 is able to determine that future session-related packets received from AIPR 1 708 will have a source address (SA) of 2.2.2.2; a source port number of 30 (i.e., the SSP assigned by AIPR 1 708); destination address of 3.3.3.3; a destination port number of 40 (i.e., the SDP assigned by AIPR 1 708); and a protocol identifier of 100.
To forward a modified lead packet, AIPR 2 714 does not know whether or not there is a next hop AIPR through which the modified lead packet will traverse. Therefore, rather than changing both the source address field and the destination address field in the lead packet, AIPR 2 714 may change just the source address field to be the network address of AIPR 2 714 (i.e., 3.3.3.3) and may insert any assigned source and destination port numbers as metadata rather than inserting the assigned source and destination port numbers in the source and destination port number fields of the modified lead packet and carrying the original source and destination port numbers as metadata as in the exemplary embodiment discussed above. Thus, for example, the modified lead packet transmitted by AIPR 2 714 may include the following information:
SA
3.3.3.3
SP
10
DA
5.5.5.5
DP
20
PR
100
SSP
50 (session source port number assigned by AIPR 2 714)
SDP
60 (session destination port number assigned by AIPR 2 714)
In this way, the modified lead packet transmitted by AIPR 2 714 will be routed based on the destination address of 5.5.5.5 and therefore may or may not traverse another AIPR on its way to destination service node 728. At this point, AIPR 2 714 does not know the destination address that will be used for session-related packets forwarded over an outgoing interface (since AIPR 2 714 does not determine until later whether or not it is the final waypoint AIPR between the source client node 726 and the destination service node 728).
At some point, AIPR 2 714 identifies itself to AIPR 1 708 as a waypoint AIPR for the session (e.g., upon receipt of the modified lead packet from AIPR 1 708 or in a return packet associated with the session). This allows AIPR 1 708 to determine that it is not the final waypoint AIPR and therefore also allows AIPR 1 708 to determine the forward association parameters to use for forwarding session-related packets, i.e., AIPR 1 708 is able to determine that future session-related packets sent to AIPR 2 714 will have a source address (SA) of 2.2.2.2; a source port number of 30 (i.e., the SSP assigned by AIPR 1 708); destination address of 3.3.3.3; a destination port number of 40 (i.e., the SDP assigned by AIPR 1 708); and a protocol identifier of 100.
Assume that the modified lead packet transmitted by AIPR 2 714 reaches AIPR 4 722. AIPR 4 722 identifies the modified lead packet as a lead packet for a new session as discussed above, and also determines that the modified lead packet is a modified lead packet containing session metadata. Therefore, AIPR 4 722 determines that it is not the first waypoint AIPR for the session. At this time, AIPR 4 722 is unable to determine whether or not it is the final waypoint AIPR for the session. AIPR 4 722 stores information from the received modified lead packet, such as the source address, the source port number, the destination port number, and the protocol identifier.
Since AIPR 4 722 is not the first waypoint AIPR, AIPR 4 722 is able to determine that future session-related packets received from AIPR 2 714 will have a source address (SA) of 3.3.3.3; a source port number of 50 (i.e., the SSP assigned by AIPR 2 714); destination address of 4.4.4.4; a destination port number of 60 (i.e., the SDP assigned by AIPR 2 714); and a protocol identifier of 100.
To forward a modified lead packet, AIPR 4 722 does not know whether or not there is a next hop AIPR through which the modified lead packet will traverse. Therefore, rather than changing both the source address field and the destination address field in the lead packet, AIPR 4 722 may change just the source address field to be the network address of AIPR 4 722 (i.e., 4.4.4.4) and may insert any assigned source and destination port numbers as metadata rather than inserting the assigned source and destination port numbers in the source and destination port number fields of the modified lead packet and carrying the original source and destination port numbers as metadata as in the exemplary embodiment discussed above. Thus, for example, the modified lead packet transmitted by AIPR 4 722 may include the following information:
SA
4.4.4.4
SP
10
DA
5.5.5.5
DP
20
PR
100
SSP
70 (session source port number assigned by AIPR 4 722)
SDP
80 (session destination port number assigned by AIPR 4 722)
In this way, the modified lead packet transmitted by AIPR 4 722 will be routed based on the destination address of 5.5.5.5 and therefore may or may not traverse another AIPR on its way to destination service node 728. At this point, AIPR 4 722 does not know the destination address that will be used for session-related packets forwarded over an outgoing interface (since AIPR 4 722 does not determine until later whether or not it is the final waypoint AIPR between the source client node 726 and the destination service node 728).
At some point, AIPR 4 722 identifies itself to AIPR 2 714 as a waypoint AIPR for the session (e.g., upon receipt of the modified lead packet from AIPR 2 714 or in a return packet associated with the session). This allows AIPR 2 714 to determine that it is not the final waypoint AIPR and therefore also allows AIPR 2 714 to determine the forward association parameters to use for forwarding session-related packets, i.e., AIPR 2 714 is able to determine that future session-related packets sent to AIPR 4 722 will have a source address (SA) of 3.3.3.3; a source port number of 50 (i.e., the SSP assigned by AIPR 2 714); destination address of 4.4.4.4; a destination port number of 60 (i.e., the SDP assigned by AIPR 2 714); and a protocol identifier of 100.
Assume that the modified lead packet transmitted by AIPR 4 722 reaches the destination service node 728, which processes the modified lead packet without reference to the session metadata contained in the packet. Typically, this includes the destination device sending a reply packet back toward the source client node 726.
Since AIPR 4 722 receives a packet from the destination service node 728, as opposed to another waypoint AIPR, AIPR 4 722 is able to determine that it is the final waypoint AIPR and therefore also is able to determine the forward association parameters to use for forwarding session-related packets, i.e., AIPR 4 722 is able to determine that future session-related packets sent to the destination service node 728 will have a source address (SA) of 4.4.4.4; a source port number of 10 (i.e., the original SP); a destination address of 5.5.5.5; a destination port number of 20 (i.e., the original DP); and a protocol identifier of 100.
After the lead packet has been processed and the session-related information has been established by the waypoint AIPRs hop-by-hop from the source client node 726 to the destination service node 728, additional packets may be exchanged between the source client node 726 and the destination service node 728 in order to establish an end-to-end communication session between the source client node 726 and the destination service node 728.
Lead Packet Identification
As noted above, a waypoint should be able to identify a lead packet of a session. Various techniques may be used to identify lead packets. Some of these techniques are protocol-specific. For example, a TCP session is initiated according to a well-known three-part handshake involving a SYN packet, a SYN-ACK packet and an ACK packet. By statefully following packet exchanges between pairs of nodes, a waypoint can identify a beginning of a session and, in many cases, an end of the session. For example, a TCP session may be ended by including a FIN flag in a packet and having the other node send an ACK, or by simply including an RST flag in a packet. Because each waypoint stores information about each session, such as the source/destination network address and port number pairs, the waypoint can identify the session with which each received packet is associated. The waypoint can follow the protocol state of each session by monitoring the messages and flags, such as SYN and FIN, sent by the endpoints of the session and storing state information about each session in its database.
It should be noted that a SYN packet may be re-transmitted—each SYN packet does not necessarily initiate a separate session. However, the waypoint can differentiate between SYN packets that initiate a session and re-transmitted SYN packets based on, for example, the response packets.
Where a protocol does not define a packet sequence to end a session, the waypoint may use a timer. After a predetermined amount of time, during which no packet is handled for a session, the waypoint may assume the session is ended. Such a timeout period may also be applied to sessions using protocols that define end sequences.
The following table describes exemplary techniques for identifying the beginning and end of a session, according to various protocols. Similar techniques may be developed for other protocols, based on the definitions of the protocols.
Destination
Protocol
Port
Technique for Start/End Determination
TCP
Any
Detect start on the first SYN packet from a
new address/port unique within the TCP
protocol's guard time between address/port
reuse. Following the TCP state machine to
determine an end (FIN exchange, RST, or
guard timeout).
UDP-TFTP
69
Trap on the first RRQ or WRQ message to
define a new session, trap on an undersized
DAT packet for an end of session.
UDP-SNMP
161, 162
Trap on the message type, including
GetRequest, SetRequest, GetNextRequest,
GetBulkRequest, InformRequest for a start
of session, and monitor the Response for end
of session. For SNMP traps, port 162 is used,
and the flow of data generally travels in the
“reverse” direction.
UDP-
514
A single message protocol, thus each
SYSLOG
message is a start of session, and end of
session.
UDP-RTP
Any
RTP has a unique header structure, which
can be reviewed/analyzed to identify a start
of a session. This is not always accurate, but
if used in combination with a guard timer on
the exact same five-tuple address, it should
work well enough. The end of session is
detected through a guard timer on the five-
tuple session, or a major change in the RTP
header.
UDP-RTCP
Any
RTCP also has a unique header, which can
be reviewed, analyzed, and harvested for
analytics. Each RTCP packet is sent
periodically and can be considered a “start of
session” with the corresponding RTCP
response ending the session. This provides a
very high quality way of getting analytics
for RTCP at a network middle point, without
using a Session Border Controller.
UDP-DNS
53
Each DNS query is a single UDP message
(Nameserver)
and response. By establishing
a forward session (and subsequent backward
session) the Augmented router gets the entire
transaction. This allows analytics to be
gathered and manipulations that are
appropriate at the Augmented router.
UDP-NTP
123
Each DNS query/response is a full session.
So, each query is a start, and each response
is an end.
These packets and the identified fields may be used to identify the beginning of a session, as summarized in the following table.
Data Item
Where From
Description
Physical
Ethernet
This is the actual port that the
Interface
Header
message was received on, which can
be associated or discerned by the
Destination MAC Address
Tenant
Ethernet
Logical association with a group of
Header OR
computers.
Source MAD
Address &
Previous
Advertisement
Protocol
IP Header
This defines the protocol in use and,
for the TCP case, it must be set to a
value that corresponds to TCP
Source IP
IP Header
Defines the source IP Address of the
Address
initial packet of a flow.
Destination IP
IP Header
Defines the destination IP Address of
Address
the initial packet of a flow.
Source Port
TCP or UDP
Defines the flow instance from the
Header
source. This may reflect a client, a
firewall in front of the client, or a
carrier grade NAT.
Destination
TCP or UDP
This defines the desired service
Port
Header
requested, such as 80 for HTTP.
Sequence
TCP Header
This is a random number assigned by
Number
the client. It may be updated by a
firewall or carrier grade NAT.
SYN Bit On
TCP Header
When the SYN bit is on, and no
others, this is an initial packet of a
session. It may be retransmitted if
there is no response to the first SYN
message.
The lead packet, and hence the session identifying information, can include information from a single field or can include information from multiple fields. In certain exemplary embodiments, sessions are based on a “5-tuple” of information including the source IP address, source port number, destination IP address, destination port number, and protocol from the IP and TCP headers.
Augmented IP Router (AIPR)
A lead packet identifier 1906 automatically identifies lead packets, as discussed herein. In general, the lead packet identifier 1906 identifies a lead packet when the lead packet identifier 1906 receives a packet related to a session that is not already represented in the AIPR's information base 1910, such as a packet that identifies a new source client/destination service network address/port number pair. As noted, each lead packet is an initial, non-dropped, packet of a series of packets (session). Each session includes a lead packet and at least one subsequent packet. The lead packet and all the subsequent packets are sent by the same source client toward the same destination service, for forward flow control. For forward and backward flow control, all the packets of the session are sent by either the source client or the destination service toward the other.
A session (packet series) manager 1908 is coupled to the lead packet identifier 1906. For each session, the session manager assigns a unique identifier. The unique identifier may be, for example, a combination of the network address of the AIPR 1900 or of the interface 1902, in combination with a first port number assigned by the session manager 1908 for receiving subsequent packets of this session. The unique identifier may further include the network address of the AIPR 1900 or of the other interface 1904, in combination with a second port number assigned by the session manager 1908 for transmitting the lead packet and subsequent packets. This unique identifier is associated with the session. The session manager 1908 stores information about the session in an information base 1910. This information may include the unique identifier, in association with the original source client/destination service network address/port number pairs.
State information about the session may be stored in a state column 2015. This information may be used to statefully follow a series of packets, such as when a session is being initiated or ended.
A backward column includes sub-columns for storing information 2016 about a portion of the backward path, specifically to the previous AIPR. The backward path information 2016 includes information 2018 about the previous AIPR and information 2020 about the present AIPR 1900. The information 2018 about the previous AIPR includes the AIPR's network address 2022 and port number 2024. The session manager 1908 extracts this information from the lead packet, assuming the lead packet was forwarded by an AIPR. If, however, the present AIPR 1900 is the first AIPR to process the lead packet, the information 2018 is left blank as a flag. The information 2020 about the present AIPR 1900 includes the network address 2026 of the interface 1902 over which the lead packet was received, as well as the first port number 2028 assigned by session manager 1908.
The waypoint information base 2000 is also configured to store information 2030 about a portion of the forward path (of a session), specifically to the next AIPR. This information 2030 includes information 2032 about the present AIPR 1900 and information 2034 about the next AIPR along the path, assuming there is a next AIPR. The information 2032 includes the network address 2036 of the interface over which the present AIPR will send the lead packet and subsequent packets, as well as the second port number 2038 assigned by the session manager 1908. The information 2034 about the next AIPR along the path may not yet be available, unless the AIPR is provisioned with information about the forward path. The information 2034 about the next AIPR includes its network address 2040 and port number 2042. If the information 2034 about the next AIPR is not yet available, the information 2034 may be filled in when the AIPR 1900 processes a return packet, as described below.
Some embodiments of the waypoint information base 2000 may include the forward information 2030 without the backward information 2016. Other embodiments of the waypoint information base 2000 may include the backward information 2016 without the forward information 2030. Statistical information may be gathered and/or calculated using either or both forward and backward information 2016.
Returning to
Returning to
Eventually, the destination service sends a return packet. The AIPR 1900 receives the return packet via the second interface 1904. If another AIPR (downstream AIPR) between the present AIPR 1900 and the destination service handles the lead packet and the return packet, the downstream AIPR modifies the return packet to include the downstream AIPR's network address and a port number. A downstream controller 1916 identifier uses stateful inspection, as described herein, to identify the return packet. The downstream controller 1916 stores information 2034 (
A last packet identifier 1920 statefully follows each session, so as to identify an end of each stream, as discussed above. As noted, in some cases, the end is signified by a final packet, such as a TCP packet with the RST flag set or a TCP ACK packet in return to a TCP packet with the FIN flag set. In other cases, the end may be signified by a timer expiring. When the end of a session is detected, the packet series manager 1908 disassociates the unique identifier from the session and deletes information about the session from the waypoint information base 2000.
Where the AIPR 1900 is provisioned to be a last AIPR before a destination service, the lead packet modifier 1906 restores the lead packet to the state the lead packet was in when the source client sent the lead packet, or as the lead packet was modified, such as a result of network address translation (NAT). Similarly, the subsequent packet modifier 1918 restores subsequent packets.
Similarly, if the destination address of the lead packet is the same as the network address of the AIPR 1900, or its network interface 1902 over which it receives the lead packets, the lead packet modifier 1906 and the subsequent packet modifier 1918 restore the packet and subsequent packets.
As noted, in some protocols, several packets are required to initiate a session, as with the SYN-SYN/ACK-ACK handshake of the TCP. Thus, the downstream controller identifier 1916 may wait until a second return packet is received from the destination service before considering a session as having started.
As noted, some embodiments of the waypoint 1900 also manage return packet paths. The lead packet identifier 1906 automatically ascertains whether a lead packet was forwarded to the waypoint 1900 by an upstream waypoint. If the lead packet includes a session data block, an upstream waypoint forwarded the lead packet. The packet series manager 1908 stores information about the upstream waypoint in the waypoint information base 1910. A return packet identifier 1922 receives return packets from the second network interface 1904 and automatically identifies return packets of the session. These return packets may be identified by destination address and port number being equal to the information 2032 (
The packets in the session have a unique session identifier. At 2204, a prior node, through which the lead packet traversed, is determined. The prior node has a prior node identifier. At 2206, a return association is formed between the prior node identifier and the session identifier. At 2208, the return association is stored in memory to maintain state information for the session.
At 2210, the lead packet is modified to identify at least the intermediate node. At 2212, the lead packet is forwarded toward the destination node though an intermediate node electronic output interface to the IP network. The next hop node may be determined any number of ways. The electronic output interface is in communication with the IP network. At 2214, a backward message (e.g., a packet, referred to as a “backward packet”) is received through an electronic input interface of the intermediate node. The backward message is received from a next node having a next node identifier. The backward message includes the next node identifier and the session identifier. The electronic input interface is in communication with the IP network.
At 2216, a forward association is formed between the next node identifier and the session identifier. At 2218, the forward association is stored in memory, to maintain state information for the session. At 2220, additional packets of the session are obtained. At 2222, substantially all of the additional packets in the session are forwarded toward the next node, using the stored forward association. The additional packets are forwarded through the electronic output interface of the intermediate node.
At 2224, a plurality of packets is received in a return session, or a return portion of the session, from the destination. The return session is addressed toward the originating node. At 2226, substantially all the packets in the return session are forwarded toward the prior node, using the stored return association. The packets are forwarded through the electronic output interface.
In a manner similar to other components discussed above, the AIPR 1900 and all or a portion of its components 1902-1924 may be implemented by a processor executing instructions stored in a memory, hardware (such as combinatorial logic, Application Specific Integrated Circuits (ASICs), Field-Programmable Gate Arrays (FPGAs) or other hardware), firmware or combinations thereof.
Link Status Monitoring Based on Packet Loss Detection
As discussed above, it is common for certain nodes in a communication system (e.g., AIPRs) to run a link monitoring protocol to monitor communication links to and from adjacent nodes. In exemplary embodiments of the present invention, special metadata is added to link monitoring protocol messages exchanged by pairs of adjacent nodes to allow such nodes to detect communication link failures and determine whether a failure affects an incoming communication link or an outgoing communication link.
Specifically, two nodes exchange link monitoring protocol messages including special metadata (discussed in more detail below) that allows a node to determine the status of both the incoming communication link and the outgoing communication link between the two nodes. In the event one or both communication links include a source NAT device, the special metadata passes unchanged through the source NAT device and therefore allows for such link status monitoring even in the presence of source NAT. In certain exemplary embodiments, link status information can be used in the context of “stateful” routing, as discussed herein.
Various exemplary embodiments are described herein with reference to use of the Bidirectional Forwarding Detection (BFD) protocol described in IETF RFC 5880, which is hereby incorporated herein by reference in its entirety. Specifically, a sending node transmits BFD packets including special metadata that allows a node to perform link status monitoring based on packet loss detection. For convenience, this use of the BFD protocol with added metadata may be referred to herein as “augmented BFD.” In certain exemplary embodiments, link status information can be used in the context of “stateful” routing, as discussed herein. It should be noted, however, that the invention is not limited to such use of the BFD protocol. Rather, special metadata of the type described herein could be used in conjunction with other types of protocol messages (e.g., “Hello” messages, “Ping” messages, “Keep-Alive” messages, certain routing protocol messages, etc.) to perform link status monitoring based on packet loss detection as discussed herein.
BFD packets have a Mandatory Section and an optional Authentication Section. The Mandatory Section of a BFD Control packet has the format shown in Section 4 of IETF RFC 5880 which was incorporated by reference above.
The optional Authentication Section has the format shown in Section 4 of IETF RFC 5880 which was incorporated by reference above.
The format of the Authentication Section, if present, is dependent on the type of authentication in use.
BFD packets are transmitted in an encapsulation appropriate to the environment. For example, in certain exemplary embodiments, BFD packets are encapsulated or carried in Internet Protocol (IP) datagrams and may be further encapsulated within a transport layer protocol segments, such as User Datagram Protocol (UDP) segments, within IP datagrams. Transport layer segments are essentially used to carry information from a particular application in a source device to the corresponding application in a destination device, whereas the IP datagram itself is essentially used as an envelope to carry the transport layer segment and its payload from the source device to the destination device.
There are two commonly-used versions of IP, namely IP version 4 (“IPv4”) and IP version 6 (“IPv6”). IPv4 is described in IETF RFC 791, which is hereby incorporated herein by reference in its entirety. IPv6 is described in IETF RFC 2460, which is hereby incorporated herein by reference in its entirety. The main purpose of both versions is to provide unique global computer addressing to ensure that communicating devices can identify one another. One of the main distinctions between IPv4 and IPv6 is that IPv4 uses 32-bit addresses, whereas IPv6 utilizes 128 bit addresses. In addition, IPv6 can support larger datagram sizes.
IPv4 datagrams have the general header format shown in Section 3.1 of IETF RFC 791 which was incorporated by reference above.
IPv6 datagrams have the general header format shown in Section 3 of IETF RFC 2460 which was incorporated by reference above.
Thus, an IP datagram that encapsulates or carries a BFD packet will have an IP header including, among other things, a source address field and a destination address field.
UDP is described generally in IETF RFC 768, which is hereby incorporated herein by reference in its entirety. The general format of a UDP segment is shown in IETF RFC 768 which was incorporated by reference above.
Thus, an IP datagram with a UDP segment that encapsulates or carries a BFD packet will have, in addition to an IP header, a UDP header including a source port field and a destination port field.
Exemplary embodiments are described herein with reference to
Packets can get lost between nodes N1 and N2. For various reasons, it can be necessary or desirable to detect not only the loss of packets but also to determine whether packets are being lost on the communication link from Node N1 to Node N2 or on the communication link from Node N2 to Node N1. For example, identification of a faulty or error-prone communication link can be used to make routing decisions, such as to avoid the communication link or to only use the communication link for certain types of communication traffic.
Therefore, in accordance with one exemplary embodiment, Node N1 is configured to transmit link monitoring protocol messages to Node N2 including, as metadata, a forward sequence number that Node N1 increments for each link monitoring protocol message it transmits to Node N2. For each link monitoring protocol message received by Node N2 from Node N1, Node N2 is configured to return a link monitoring protocol message back to the Node N1 including, as metadata, the forward sequence number from the received link monitoring protocol message and a separate return sequence number that Node N2 increments for each link monitoring protocol message it returns to Node N1. Based on the sequence numbers in the link monitoring protocol messages received back from Node N2, Node N1 can determine if any packets were lost and, if so, also can determine whether the packets were lost on the outgoing communication link to Node N2 or on the incoming communication link from Node N2. The forward sequence numbers sent by Node N1 may allow Node N2 to determine whether any packets were lost on the incoming communication link from Node N1. Also, Node N1 may include return sequence numbers received from Node N2 in its link monitoring protocol messages, which may allow Node N2 to determine whether packets were lost on the outgoing communication link to Node N1.
Thus, in certain exemplary embodiments, the nodes exchange link monitoring protocol messages having the following information:
Header
SA/SP
(source address/source port number)
DA/DP
(destination address/destination port number)
Metadata
Fwd Seq
(forward sequence number)
Ret Seq
(return sequence number)
In certain exemplary embodiments, such link monitoring protocol messages may be augmented BFD messages using so-called “echo” mode. Generally speaking, BFD echo mode is intended for use where the receiving node (i.e., Node N2 in this example) simply returns the received packet back to the sending node (i.e., Node N1 in this example), typically by the forwarding path of the node without having the BFD message processed by the service path (or with minimal processing by the service path, if the receiving node does not have separate forwarding and service paths). However, in exemplary embodiments of the present invention, the receiving node (i.e., Node N2 in this example) is specially configured to insert a return sequence number in each link monitoring protocol message returned to the sending node.
As mentioned above, in certain exemplary embodiments, the link monitoring protocol messages may be augmented BFD messages that may be transmitted and processed by the forwarding path of the nodes.
It should be noted that, in each forward link monitoring protocol message, the source node may include a distinct return sequence number from a distinct received return link monitoring protocol message. In this way, the target node would be able to detect certain types of problems on both its outgoing communication link and its incoming communication link based on the forward and return sequence numbers received from the source node. For example, if there is a gap in forward sequence numbers, or if forward sequence numbers are out-of-order, the target node can infer that there was a problem on its incoming communication link. If there is gap in return sequence numbers, of if return sequence numbers are out-of-order, the target node can infer that there was a problem on its outgoing communication link. The target node can store such link status information, e.g., in its routing information base, and can use link status information in the same manner that the source node can use its link status information.
It should be noted that the source node typically transmits forward link monitoring protocol messages at a predetermined frequency (e.g., a message every X seconds or milliseconds, or a set of N messages every M seconds or milliseconds). The frequency at which the messages are sent affects the granularity with which link failure scenarios can be detected, with a higher frequency providing a higher granularity but also consuming more network bandwidth. Thus, different embodiments may use different frequencies.
Link Status Monitoring for Reverse FIB Enforcement
Link status information gathered using the link status monitoring techniques described above can be used in a variety of networking scenarios, from simply monitoring communication links to making complex routing or network reconfiguration changes.
In certain exemplary embodiments, the link status monitoring techniques described above may be used in the context of reverse Forwarding Information Base (FIB) enforcement for stateful routing as described in 4094/1021, which is hereby incorporated herein by reference. Here, an AIPR may use link status information when processing a first packet for a new session, specifically as part of deciding whether to establish the session and which interface to use for the return path for the session. For example, when a first packet for a new session arrives at an AIPR on a given ingress interface, the AIPR may determine whether the ingress interface is suitable for use in forwarding return session packets. In certain exemplary embodiments, determining whether the ingress interface is suitable for the return path includes first determining if the routing information base includes a valid route for the return path and, if there is a valid route for the return path, determining whether the next hop on the return path is associated with the ingress interface. If there is not a valid route for the return path and the next hop for the route is via the ingress interface, then the ingress interface is deemed to be suitable for the return path, otherwise the ingress interface is deemed to be not suitable for the return path. Additionally or alternatively, if a certain level of performance is required (e.g., bandwidth, error rate, latency, etc.), then the AIPR may determine whether the ingress interface can provide that level of performance for return packets, e.g., using link status information gathered using the link monitoring techniques described herein to determine link status based on packet loss. If the ingress interface is suitable for the return path, then the AIPR may continue to establish the session using the ingress port for the return path. If the ingress interface is not suitable for the return path, then the AIPR may drop the session (e.g., by either sending back a session rejection message or sending back no reply message) if the session is required to a bi-flow session or may try to use another interface for the return path if the session is not required to be a bi-flow session. For example, the AIPR may determine if one or more other interfaces are suitable for the return path and either continue to establish the session using an alternate interface that is suitable for the return path or drop the session if no interface is suitable for the return path. Link status information gathered using the link monitoring techniques described herein may be stored along with other routing information in a reverse FIB.
Link Status Monitoring with Source NAT Detection
In certain exemplary embodiments, certain nodes may exchange link monitoring protocol messages including both packet loss detection metadata as discussed above and source network address translator (NAT) detection metadata, as described in 4094/1018, which is hereby incorporated herein by reference. The source NAT detection metadata allows each node to determine the status of source NAT on communication links to and from the other node, e.g., if source NAT is present on the communication link, or if there is a change in source NAT configuration (e.g., from enabled to disabled, from disabled to enabled, or from one translation to another translation). The special metadata also allows true source information (e.g., source address and source port number) to be conveyed between nodes even in the presence of source NAT, because the source NAT device does not change the metadata in the message because the metadata is considered to be part of the message payload. In certain exemplary embodiments, knowledge regarding the presence of source NAT devices as well as the true source information conveyed through the source NAT devices via the special metadata can be used in the context of “stateful” routing.
An exemplary embodiments is now described with reference to the communication system shown in
Header
SA/SP
(source address/source port number)
DA/DP
(destination address/destination port number)
Metadata
Fwd Seq
(forward sequence number)
Ret Seq
(return sequence number)
Exp SA/SP
(expected source address/source port number)
Exp DA/DP
(expected destination address/destination port number)
Act SA/SP
(actual source address/source port number)
Act DA/DP
(actual destination address/destination port number)
The header portion contains a “tuple” of actual address/port information used to route the message from the sending node to the receiving node. In this example, Node N1 addresses messages to Node N2 using appropriate address/port numbers, and Node N2 addresses message to Node N1 using appropriate address/port numbers. The source address and/or source port number in the header field are subject to being translated by a source NAT on the outgoing communication link from the sending node to the receiving node. Thus, the header information received by the receiving node may be different than the header information transmitted by the sending node.
The “expected” metadata contains a “tuple” specifying address/port information that the sending node expects to receive back in the header portion of messages received from the other node assuming no source NAT in either direction. Thus, in this example, Node N1 configures the “expected” metadata in messages it sends to Node N2 to be the address/port information it expects to receive from Node N2, and Node N2 configures the “expected” metadata in messages it sends to Node N1 to be the address/port information it expects to receive from Node N1. In certain exemplary embodiments, the “expected” metadata sent by Node N1 and the “expected” metadata sent by Node N2 includes a common set of session identification information, which are essentially “swapped” versions of one another, as described below.
The “actual” metadata contains a “tuple” specifying the actual address/port information that the sending node received in the header portion of the last message it received from the other node.
Each node stores a local copy of the last header information tuple it received from the other node and a local copy of the last “actual” metadata tuple it received from the other node.
When a node receives a message, if can determine if there is source NAT (or any change in source NAT status) on both the incoming communication link and the outgoing communication link, based on the information in the received messages and the local copies of information. Specifically, the node can determine if there is source NAT or a change in source NAT status on the incoming communication link by comparing the header information tuple in the received message with the local copy of the last header information received tuple—if the tuples are different, then there has been a change in source NAT status on the incoming communication link. Also, the node can determine if there is source NAT or a change in source NAT status on the outgoing communication link by comparing the “actual” metadata tuple in the received message with the local copy of the last “actual” information received tuple—if the tuples are different, then there has been a change in source NAT status on the outgoing communication link. If there has been a change in source NAT status on the incoming communication link and/or the outgoing communication link, then the node can determine the type of change (e.g., whether source NAT was enabled, disabled, or changed from one translation to another translation) based on the received information, the local copies, and the expected session identification information.
The following provides an example of a packet loss detection and source NAT detection protocol exchange when there is source NAT on both the communication link from Node N1 to Node N2 and the communication link from Node N2 to Node N1, in accordance with one exemplary embodiment. Node N1 (which is associated with a fictitious network address 1.1.1.1) transmits an initial link monitoring protocol message addressed to Node N2 (which is associated with a fictitious network address 2.2.2.2). Specifically, the message includes a header portion and a metadata portion, as follows:
Header
SA/SP
1.1.1.1/1281
DA/DP
2.2.2.2/1280
Metadata
Fwd Seq
10
Ret Seq
0
Exp SA/SP
2.2.2.2/1280
Exp DA/DP
1.1.1.1/1281
Act SA/SP
2.2.2.2/1280
Act DA/DP
1.1.1.1/1281
The metadata included by Node N1 includes a set of forward (“Fwd”) and return (“Ret”) sequence numbers (in this case, an initial forward and return sequence numbers).
The metadata included by Node N1 also includes an expected (“Exp”) metadata tuple that reflects the original address/port information that Node N1 expects to receive back from Node N2 (assuming no source NAT device is present on the communication link from Node N1 to Node N2). Node N1 also includes an actual (“Act”) metadata tuple that in this exemplary embodiment is initially the same as the “expected” metadata tuple (since there was no previous message received by Node N1 from Node N2). Node N1 stores the original address/port information, e.g., as part of its session-related data for stateful routing as discussed above, and may set up initial flows based on the original address/port information. Node N1 also stores a local copy of the expected header information and a local copy of the expected “actual” metadata. Thus, for example, Node N1 may store the following local copies:
Node N1 LAST HEADER INFORMATION RECEIVED
SA/SP
2.2.2.2/1280
DA/DP
1.1.1.1/1281
Node N1 LAST ACTUAL METADATA RECEIVED
Act SA/SP
1.1.1.1/1281
Act DA/DP
2.2.2.2/1280
Thus, Node N1 essentially initializes its LAST HEADER INFORMATION RECEIVED tuple to be the tuple it would expect to receive from Node N2 if there is no source NAT on the incoming communication link from Node N2 to Node N1 and initializes its LAST ACTUAL METADATA RECEIVED tuple to be the information it would expect to receive from Node N2 if there is no source NAT on the outgoing communication link from Node N1 to Node N2.
In this example, there is source NAT on the communication link from Node N1 to Node N2 that translates 1.1.1.1/1281 to 3.3.3.3/1381. Therefore, Node N2 may receive the following message including translated source information:
Header
SA/SP
3.3.3.3/1381
DA/DP
2.2.2.2/1280
Metadata
Fwd Seq
10
Ret Seq
0
Exp SA/SP
2.2.2.2/1280
Exp DA/DP
1.1.1.1/1281
Act SA/SP
2.2.2.2/1280
Act DA/DP
1.1.1.1/1281
Specifically, source address 1.1.1.1 has been translated to 3.3.3.3 and source port number 1281 has been translated to 1381.
Upon receipt of the message, Node N2 determines that the received message is for a new link monitoring protocol session. At this point Node N2 may not have initialized local copies of LAST HEADER INFORMATION RECEIVED tuple and LAST ACTUAL METADATA RECEIVED tuple since the received message is the first message received for this link monitoring protocol session. Node N2 therefore may initialize its local copy of LAST HEADER INFORMATION RECEIVED tuple based on the “expected” metadata tuple in message 2804 and its local copy of LAST ACTUAL METADATA RECEIVED tuple from the “actual” metadata tuple in the received message. Thus, for example, Node N2 may store the following initial local copies:
Node N2 LAST HEADER INFORMATION RECEIVED
SA/SP
1.1.1.1/1281
DA/DP
2.2.2.2/1280
Node N2 LAST ACTUAL METADATA RECEIVED
Act SA/SP
2.2.2.2/1280
Act DA/DP
1.1.1.1/1281
In order to determine if there is source NAT (or a change in source NAT status) on the incoming communication link from Node N1 to Node N2, Node N2 compares the address/port information tuple in the header with its local copy of LAST HEADER INFORMATION RECEIVED tuple. In this example, Node N2 can determine that there is source NAT on the communication link from Node N1 to Node N2, because the address/port information tuple in the header does not match the local copy of LAST HEADER INFORMATION RECEIVED tuple.
Also, in order to determine if there is source NAT (or a change in source NAT status) on the outgoing communication link from Node N2 to Node N1, Node N2 compares the “actual” metadata tuple in the received message with the local copy of LAST ACTUAL METADATA RECEIVED tuple. This comparison would allow Node N2 to determine if there is source NAT on the communication link from Node N2 to Node N1, although in this first message from Node N1, the “actual” metadata tuple in the message and the local copy of LAST ACTUAL METADATA RECEIVED tuple (which is based on the “expected” metadata in the message) are the same, so Node N2 initially determines that there is no source NAT on the communication link from Node N2 to Node N1 (even if there is, in fact, source NAT on that communication link).
Node N2 stores session information from the “expected” metadata and the header, e.g., as part of its session-related data for stateful routing as discussed above, and also may set up flows based on the received address/port information. Node N2 also updates the local copy of the LAST HEADER INFORMATION RECEIVED tuple and the local copy of the LAST ACTUAL METADATA RECEIVED tuple based on the received message. Thus, for example, Node N2 now may store the following local copies:
Node N2 LAST HEADER INFORMATION RECEIVED (updated)
SA/SP
3.3.3.3/1381
DA/DP
2.2.2.2/1280
Node N2 LAST ACTUAL METADATA RECEIVED (updated)
Act SA/SP
2.2.2.2/1280
Act DA/DP
1.1.1.1/1281
Node N2 transmits a return link monitoring protocol message addressed to Node N1, as follows.
Header
SA/SP
2.2.2.2/1280
DA/DP
3.3.3.3/1381
Metadata
Fwd Seq
10
Ret Seq
101
Exp SA/SP
1.1.1.1/1281
Exp DA/DP
2.2.2.2/1280
Act SA/SP
3.3.3.3/1381
Act DA/DP
2.2.2.2/1280
Here, Node N2 copies the address/port information from the header of the received message into the “actual” metadata of the return message and configures the “expected” address/port information in the return message to reflect the address/port information that Node N2 expects to receive back from Node N1 (assuming no source NAT device is present on the communication link from Node N2 to Node N1). Node N2 also returns the forward sequence number from the received message and adds a return sequence number.
Because there is source NAT in both directions in this example, Node N1 may receive the following message:
Header
SA/SP
4.4.4.4/1480
DA/DP
1.1.1.1/1281
Metadata
Fwd Seq
10
Ret Seq
101
Exp SA/SP
1.1.1.1/1281
Exp DA/DP
2.2.2.2/1280
Act SA/SP
3.3.3.3/1381
Act DA/DP
2.2.2.2/1280
Here, the destination address and destination port number have been restored by the source NAT device, from 3.3.3.3/1381 to 1.1.1.1/1281, and the source address and source port number have been translated by the source NAT device, from 2.2.2.2/1280 to 4.4.4.4/1480.
In order to determine if there is source NAT (or a change in source NAT status) on the outgoing communication link from Node N1 to Node N2, Node N1 compares the “actual” metadata tuple (i.e., the actual address/port information received by Node N2) with its local copy of LAST ACTUAL METADATA RECEIVED tuple. In this example, Node N1 can determine that there is source NAT on the outgoing communication link from Node N1 to Node N2 because the “actual” metadata tuple received in the received message does not match the local copy of LAST ACTUAL METADATA RECEIVED tuple. In certain embodiments, Node N1 may reconfigure a flow associated with the session upon detecting the presence of the source NAT on the outgoing communication link, as discussed below.
Also, in order to determine if there is source NAT (or a change in source NAT status) on the incoming communication link from Node N2 to Node N1, Node N1 compares the address/port information tuple in the header with its local copy of LAST HEADER INFORMATION RECEIVED tuple. In this example, Node N1 can determine that there is source NAT on the incoming communication link from Node N2 to Node N1, because the address/port information tuple in the header does not match its local copy of LAST HEADER INFORMATION RECEIVED tuple. In certain embodiments, Node N1 may reconfigure a flow associated with the session upon detecting the presence of the source NAT on the incoming communication link, as discussed below. Node N1 also stores a local copy of the header information tuple and a local copy of the “actual” metadata tuple. Thus, for example, Node N1 now may store the following local copies:
Node N1 LAST HEADER INFORMATION RECEIVED (updated)
SA/SP
4.4.4.4/1480
DA/DP
1.1.1.1/1281
Node N1 LAST ACTUAL METADATA RECEIVED (updated)
Act SA/SP
3.3.3.3/1381
Act DA/DP
2.2.2.2/1280
Node N1 transmits a second link monitoring protocol message to Node N2, as follows:
Header
SA/SP
1.1.1.1/1281
DA/DP
4.4.4.4/1480
Metadata
Fwd Seq
11
Ret Seq
101
Exp SA/SP
2.2.2.2/1280
Exp DA/DP
1.1.1.1/1281
Act SA/SP
4.4.4.4/1480
Act DA/DP
1.1.1.1/1281
Here, Node N1 copies the address/port information tuple from the header of the received message into the “actual” metadata tuple of the second message and configures the “expected” metadata tuple in the second message to reflect the address/port information that Node N1 expects to receive back from Node N2 (which is the same as in the original message). Node N1 also increments the forward sequence number to 11 and may include the received return sequence number of 101 in the metadata.
Because there is a source NAT device in this example, Node N2 may receive the following message:
Header
SA/SP
3.3.3.3/1381
DA/DP
2.2.2.2/1280
Metadata
Fwd Seq
11
Ret Seq
101
Exp SA/SP
2.2.2.2/1280
Exp DA/DP
1.1.1.1/1281
Act SA/SP
4.4.4.4/1480
Act DA/DP
1.1.1.1/1281
In order to determine if there is source NAT (or a change in source NAT status) on the outgoing communication link from Node N2 to Node N1, Node N2 compares the “actual” metadata tuple (i.e., the actual address/port information received by Node N1) with its local copy of LAST ACTUAL METADATA RECEIVED tuple. In this example, Node N2 now can determine that there is source NAT on the outgoing communication link from Node N2 to Node N1 because the “actual” metadata tuple in the received message does not match the local copy of LAST ACTUAL METADATA RECEIVED tuple. Node N2 may reconfigure a flow associated with the session upon detecting the presence of the source NAT on the outgoing communication link, as discussed below.
Also, in order to determine if there is source NAT (or a change in source NAT status) on the incoming communication link from Node N1 to Node N2, Node N2 compares the address/port information tuple in the header of the received message with its local copy of LAST HEADER INFORMATION RECEIVED tuple. In this example, Node N2 can determine that there has been no change in source NAT status on the communication link from Node N1 to Node N2, because the address/port information tuple in the header of the received message matches the local copy of LAST HEADER INFORMATION RECEIVED tuple.
Node N2 updates its local copy of LAST HEADER INFORMATION RECEIVED tuple and its local copy of the LAST ACTUAL METADATA RECEIVED tuple based on the received message. Thus, for example, Node N2 now may store the following local copies:
Node N2 LAST HEADER INFORMATION RECEIVED (updated)
SA/SP
3.3.3.3/1381
DA/DP
2.2.2.2/1280
Node N2 LAST ACTUAL METADATA RECEIVED (updated)
Act SA/SP
4.4.4.4/1480
Act DA/DP
1.1.1.1/1281
Using this mechanism, a node can determine not only that a change in source NAT status occurred, but also the type of source NAT status change. The example given above demonstrates various cases of a node detecting a change from no source NAT to source NAT enabled on a communication link. This mechanism also allows a node to detect source NAT becoming disabled on a communication link (e.g., if the last message received by Node N2 had been received with SA/SP of 1.1.1.1/1281, Node N2 would have detected the change because the address/port information in the header would not have matched the local copy of expected header information but instead would have matched Node N2's expected address/port information. Similarly, this mechanism allows a node to detect a change in address translations (e.g., if the last message received by Node N2 had been received with SA/SP of 5.5.5.5/1581, Node N2 would have detected the change because the address/port information in the header would not have matched the local copy of expected header information and also would not have matched Node N2's expected address/port information.
It should be noted that the common set of “expected” address/port information carried in the messages between Nodes N1 and N2 allow each node to associate the link monitoring protocol message with its associated session, even in the presence of source NAT in both directions.
Miscellaneous
It should be noted that headings are used above for convenience and are not to be construed as limiting the present invention in any way.
Various embodiments of the invention may be implemented at least in part in any conventional computer programming language. For example, some embodiments may be implemented in a procedural programming language (e.g., “C”), or in an object oriented programming language (e.g., “C++”). Other embodiments of the invention may be implemented as a pre-configured, stand-along hardware element and/or as preprogrammed hardware elements (e.g., application specific integrated circuits, FPGAs, and digital signal processors), or other related components.
In an alternative embodiment, the disclosed apparatus and methods (e.g., see the various flow charts described above) may be implemented as a computer program product for use with a computer system. Such implementation may include a series of computer instructions fixed either on a tangible, non-transitory medium, such as a computer readable medium (e.g., a diskette, CD-ROM, ROM, or fixed disk). The series of computer instructions can embody all or part of the functionality previously described herein with respect to the system.
Those skilled in the art should appreciate that such computer instructions can be written in a number of programming languages for use with many computer architectures or operating systems. Furthermore, such instructions may be stored in any memory device, such as semiconductor, magnetic, optical or other memory devices, and may be transmitted using any communications technology, such as optical, infrared, microwave, or other transmission technologies.
Among other ways, such a computer program product may be distributed as a removable medium with accompanying printed or electronic documentation (e.g., shrink wrapped software), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the network (e.g., the Internet or World Wide Web). In fact, some embodiments may be implemented in a software-as-a-service model (“SAAS”) or cloud computing model. Of course, some embodiments of the invention may be implemented as a combination of both software (e.g., a computer program product) and hardware. Still other embodiments of the invention are implemented as entirely hardware, or entirely software.
Computer program logic implementing all or part of the functionality previously described herein may be executed at different times on a single processor (e.g., concurrently) or may be executed at the same or different times on multiple processors and may run under a single operating system process/thread or under different operating system processes/threads. Thus, the term “computer process” refers generally to the execution of a set of computer program instructions regardless of whether different computer processes are executed on the same or different processors and regardless of whether different computer processes run under the same operating system process/thread or different operating system processes/threads.
Importantly, it should be noted that embodiments of the present invention may employ conventional components such as conventional computers (e.g., off-the-shelf PCs, mainframes, microprocessors), conventional programmable logic devices (e.g., off-the shelf FPGAs or PLDs), or conventional hardware components (e.g., off-the-shelf ASICs or discrete hardware components) which, when programmed or configured to perform the non-conventional methods described herein, produce non-conventional devices or systems. Thus, there is nothing conventional about the inventions described herein because even when embodiments are implemented using conventional components, the resulting devices and systems (e.g., the REX processor) are necessarily non-conventional because, absent special programming or configuration, the conventional components do not inherently perform the described non-conventional functions.
Although the above discussion discloses various exemplary embodiments of the invention, it should be apparent that those skilled in the art can make various modifications that will achieve some of the advantages of the invention without departing from the true scope of the invention. Any references to the “invention” are intended to refer to exemplary embodiments of the invention and should not be construed to refer to all embodiments of the invention unless the context otherwise requires. The described embodiments are to be considered in all respects only as illustrative and not restrictive.
Timmons, Patrick, Kaplan, Hadriel S., Penfield, Robert, Menon, Abilash
Patent | Priority | Assignee | Title |
11075836, | May 31 2016 | 128 TECHNOLOGY, INC | Reverse forwarding information base enforcement |
11349722, | Feb 11 2017 | Nicira, Inc. | Method and system of connecting to a multipath hub in a cluster |
11375005, | Jul 24 2021 | VMWARE, INC | High availability solutions for a secure access service edge application |
11381499, | May 03 2021 | VMware, Inc. | Routing meshes for facilitating routing through an SD-WAN |
11388086, | May 03 2021 | VMware, Inc. | On demand routing mesh for dynamically adjusting SD-WAN edge forwarding node roles to facilitate routing through an SD-WAN |
11394640, | Dec 12 2019 | VMware, Inc. | Collecting and analyzing data regarding flows associated with DPI parameters |
11418997, | Jan 24 2020 | VMware, Inc. | Using heart beats to monitor operational state of service classes of a QoS aware network link |
11438789, | Jan 24 2020 | VMware, Inc. | Computing and using different path quality metrics for different service classes |
11444865, | Nov 17 2020 | VMware, Inc. | Autonomous distributed forwarding plane traceability based anomaly detection in application traffic for hyper-scale SD-WAN |
11444872, | Apr 13 2015 | Nicira, Inc. | Method and system of application-aware routing with crowdsourcing |
11451449, | Sep 13 2021 | Juniper Networks, Inc | Configuration of EVPN topologies using a user interface |
11451464, | May 13 2019 | 128 TECHNOLOGY, INC | Central authority for service and topology exchange |
11456955, | Apr 16 2020 | Juniper Networks, Inc. | Tenant-based mapping for virtual routing and forwarding |
11463347, | Jun 24 2020 | Juniper Networks, Inc.; Juniper Networks, Inc | Point-to-multipoint Layer-2 network extension over Layer-3 network |
11477115, | Jun 24 2020 | Juniper Networks, Inc.; Juniper Networks, Inc | Layer-2 network extension over layer-3 network using encapsulation |
11477127, | Jul 02 2020 | VMware, Inc. | Methods and apparatus for application aware hub clustering techniques for a hyper scale SD-WAN |
11489720, | Jun 18 2021 | VMware, Inc. | Method and apparatus to evaluate resource elements and public clouds for deploying tenant deployable elements based on harvested performance metrics |
11489783, | Dec 12 2019 | VMware, Inc. | Performing deep packet inspection in a software defined wide area network |
11509571, | May 03 2021 | VMware, Inc. | Cost-based routing mesh for facilitating routing through an SD-WAN |
11533248, | Jun 22 2017 | Nicira, Inc. | Method and system of resiliency in cloud-delivered SD-WAN |
11546249, | Jun 24 2020 | Juniper Networks, Inc.; Juniper Networks, Inc | Layer-2 network extension over layer-3 network using layer-2 metadata |
11552883, | Sep 29 2021 | Juniper Networks, Inc.; Juniper Networks, Inc | Session establishment using path change |
11575591, | Nov 17 2020 | VMware, Inc. | Autonomous distributed forwarding plane traceability based anomaly detection in application traffic for hyper-scale SD-WAN |
11575600, | Nov 24 2020 | VMware, Inc.; VMWARE, INC | Tunnel-less SD-WAN |
11582144, | May 03 2021 | VMware, Inc. | Routing mesh to provide alternate routes through SD-WAN edge forwarding nodes based on degraded operational states of SD-WAN hubs |
11601356, | Dec 29 2020 | VMware, Inc. | Emulating packet flows to assess network links for SD-WAN |
11606225, | Oct 02 2017 | VMware, Inc. | Identifying multiple nodes in a virtual network defined over a set of public clouds to connect to an external SAAS provider |
11606286, | Jan 31 2017 | VMWARE, INC | High performance software-defined core network |
11606314, | Aug 27 2019 | VMware, Inc. | Providing recommendations for implementing virtual networks |
11606712, | Jan 24 2020 | VMware, Inc. | Dynamically assigning service classes for a QOS aware network link |
11611507, | Oct 28 2019 | VMware, Inc. | Managing forwarding elements at edge nodes connected to a virtual network |
11637768, | May 03 2021 | VMware, Inc. | On demand routing mesh for routing packets through SD-WAN edge forwarding nodes in an SD-WAN |
11652739, | Feb 15 2018 | 128 Technology, Inc. | Service related routing method and apparatus |
11658901, | Jun 24 2020 | Juniper Networks, Inc.; Juniper Networks, Inc | Point-to-multipoint Layer-2 network extension over Layer-3 network |
11658902, | Apr 23 2020 | Juniper Networks, Inc | Session monitoring using metrics of session establishment |
11677720, | Apr 13 2015 | Nicira, Inc. | Method and system of establishing a virtual private network in a cloud service for branch networking |
11689959, | Jan 24 2020 | VMware, Inc. | Generating path usability state for different sub-paths offered by a network link |
11695687, | May 13 2019 | 128 Technology, Inc. | Distribution of multicast information in a routing system |
11700196, | Jan 31 2017 | VMware, Inc. | High performance software-defined core network |
11706126, | Nov 06 2017 | VMware, Inc. | Method and apparatus for distributed data network traffic optimization |
11706127, | Jan 31 2017 | VMware, Inc. | High performance software-defined core network |
11709710, | Jul 30 2020 | VMware, Inc. | Memory allocator for I/O operations |
11711279, | Oct 26 2021 | Juniper Networks, Inc | Application records using session information |
11716286, | Dec 12 2019 | VMware, Inc. | Collecting and analyzing data regarding flows associated with DPI parameters |
11722405, | May 31 2016 | 128 Technology, Inc. | Reverse forwarding information base enforcement |
11722925, | Jan 24 2020 | VMware, Inc. | Performing service class aware load balancing to distribute packets of a flow among multiple network links |
11729065, | May 06 2021 | VMWARE, INC | Methods for application defined virtual network service among multiple transport in SD-WAN |
11750483, | Jun 19 2019 | 128 Technology, Inc. | In-line performance monitoring |
11750508, | May 13 2019 | 128 Technology, Inc. | Source-based routing |
11784907, | May 13 2019 | 128 Technology, Inc. | Routing using segment-based metrics |
11784917, | Jun 24 2020 | Juniper Networks, Inc. | Layer-2 network extension over Layer-3 network using encapsulation |
11792127, | Jan 18 2021 | VMWARE, INC | Network-aware load balancing |
11799762, | Jun 24 2020 | Juniper Networks, Inc. | Layer-2 network extension over layer-3 network using layer-2 metadata |
11799779, | Oct 28 2020 | Juniper Networks, Inc | Session-based packet capture |
11804988, | Jul 10 2013 | Nicira, Inc. | Method and system of overlay flow control |
11811638, | Jul 15 2021 | Juniper Networks, Inc | Adaptable software defined wide area network application-specific probing |
11831414, | Aug 27 2019 | VMware, Inc. | Providing recommendations for implementing virtual networks |
11831519, | Sep 13 2021 | Juniper Networks, Inc. | Configuration of EVPN topologies using a user interface |
11838172, | Aug 31 2021 | Juniper Networks, Inc.; Juniper Networks, Inc | Identifying root cause of failures through detection of network scope failures |
11843957, | Apr 06 2021 | Juniper Networks, Inc. | Detection of insufficient RF coverage areas in a wireless network |
11855805, | Oct 02 2017 | VMWARE, INC | Deploying firewall for virtual network defined over public cloud infrastructure |
11894949, | Oct 02 2017 | VMware LLC | Identifying multiple nodes in a virtual network defined over a set of public clouds to connect to an external SaaS provider |
11895194, | Oct 02 2017 | VMware LLC | Layer four optimization for a virtual network defined over public cloud |
11902086, | Nov 09 2017 | Nicira, Inc. | Method and system of a dynamic high-availability mode based on current wide area network connectivity |
11902100, | Jan 17 2022 | Juniper Networks, Inc. | Determining an organizational level network topology |
11902146, | Aug 31 2021 | Juniper Networks, Inc.; Juniper Networks, Inc | Identifying a maximum segment size (MSS) corresponding to a network path |
11909815, | Jun 06 2022 | VMware LLC | Routing based on geolocation costs |
11916779, | Oct 07 2021 | Juniper Networks, Inc. | Peer comparison-based outlier detection for network performance monitoring |
Patent | Priority | Assignee | Title |
6515963, | Jan 27 1999 | Cisco Technology, Inc | Per-flow dynamic buffer management |
6563824, | Apr 20 1999 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Apparatus and methods for determining the correct workstation within a LAN for a LAN modem to route a packet |
6584071, | Aug 03 1999 | WSOU Investments, LLC | Routing with service level guarantees between ingress-egress points in a packet network |
6721334, | Feb 18 1999 | Hewlett Packard Enterprise Development LP | Method and apparatus for packet aggregation in packet-based network |
6738387, | Jun 15 2000 | National Science Council | Design of scalable techniques for quality of services routing and forwarding |
6778531, | Nov 04 1999 | Siemens Aktiengesellschaft | Multicast routing with service-level guarantees between ingress egress-points in a packet network |
6798743, | Mar 22 1999 | Cisco Technology, Inc. | Packet prioritization processing technique for routing traffic in a packet-switched computer network |
7020143, | Jun 18 2001 | Ericsson Inc | System for and method of differentiated queuing in a routing system |
7035214, | Sep 28 1999 | AVAYA Inc | System and method for a negative acknowledgement-based transmission control protocol |
7106739, | Jun 27 2001 | Intel Corporation | Method enabling network address translation of incoming session initiation protocol connections based on dynamic host configuration protocol address assignments |
7154902, | Oct 21 2002 | DELL MARKETING CORPORATION | Epoch-based packet switching |
7218632, | Dec 06 2000 | Cisco Technology, Inc | Packet processing engine architecture |
7315541, | Apr 03 2002 | Cisco Technology, Inc. | Methods and apparatus for routing a content request |
7373660, | Aug 26 2003 | Cisco Technology, Inc. | Methods and apparatus to distribute policy information |
7466703, | May 01 1998 | Alcatel-Lucent USA Inc | Scalable high speed router apparatus |
7536720, | May 07 2002 | RPX CLEARINGHOUSE LLC | Method and apparatus for accelerating CPE-based VPN transmissions over a wireless network |
7634805, | Mar 05 2003 | Microsoft Technology Licensing, LLC | Use of network address translation for implementation of stateful routing |
7706411, | Mar 29 2004 | Hewlett Packard Enterprise Development LP | Handling oversubscribed mesh ports with re-tagging |
7730301, | Nov 25 2002 | UNIFY GMBH & CO KG | Method and system for encrypting transmissions of communication data streams via a packet-oriented communication network |
7773611, | Jun 15 2005 | Cisco Technology, Inc. | Method and apparatus for packet loss detection |
7872973, | Mar 17 2006 | WSOU Investments, LLC | Method and system for using a queuing device as a lossless stage in a network device in a communications network |
7949785, | Mar 31 2003 | Intellectual Ventures I LLC | Secure virtual community network system |
8068417, | Oct 12 2006 | Saisei Networks Pte Ltd | System, method, and computer program product for processing flow requests based on an associated preference using a single computation |
8094560, | May 19 2008 | Cisco Technology, Inc | Multi-stage multi-core processing of network packets |
8139479, | Mar 25 2009 | Juniper Networks, Inc. | Health probing detection and enhancement for traffic engineering label switched paths |
8437248, | Jan 07 2009 | Huawei Technologies Co., Ltd. | Method, system, and apparatus for network device to access packet switched network |
8527641, | Nov 25 2008 | Citrix Systems, Inc.; Citrix Systems, Inc | Systems and methods for applying transformations to IP addresses obtained by domain name service (DNS) |
8570893, | Oct 25 2008 | Huawei Technologies Co., Ltd.; HUAWEI TECHNOLOGIES CO , LTD | Method and device for measuring network performance parameters |
8584199, | Oct 17 2006 | A10 Networks, Inc. | System and method to apply a packet routing policy to an application session |
8634428, | Sep 21 2009 | AT&T Intellectual Property I, L.P. | Method and system for symmetric routing |
8804489, | Sep 29 2010 | TELEFONAKTIEBOLAGET L M ERICSSON PUBL | Fast flooding based fast convergence to recover from network failures |
8942085, | May 23 2012 | GOOGLE LLC | System and method for routing around failed links |
8989020, | Dec 03 2009 | Verizon Patent and Licensing Inc.; VERIZON PATENT AND LICENSING, INC | Bidirectional forwarding detection (BFD) protocol extension for detecting random traffic dropping |
9059920, | Aug 30 2006 | RPX CLEARINGHOUSE LLC | Method and apparatus for selecting between available neighbors in a RAPID alternate path calculation |
9160652, | Aug 31 2012 | Cisco Technology, Inc. | Fast reroute for bidirectional co-routed traffic engineering tunnels |
9240953, | Apr 24 2008 | CAVIUM INTERNATIONAL; MARVELL ASIA PTE, LTD | Systems and methods for managing traffic in a network using dynamic scheduling priorities |
9276864, | Dec 28 2010 | Amazon Technologies, Inc. | Dynamic network traffic throttling |
20010030649, | |||
20020044553, | |||
20020075883, | |||
20020176363, | |||
20030198189, | |||
20030214938, | |||
20040088542, | |||
20040264481, | |||
20050036616, | |||
20050063307, | |||
20050182932, | |||
20050238022, | |||
20060176894, | |||
20070171825, | |||
20070171826, | |||
20070253418, | |||
20080159145, | |||
20080214175, | |||
20090007021, | |||
20090059958, | |||
20100125898, | |||
20100191968, | |||
20110069714, | |||
20120144061, | |||
20120236860, | |||
20130227166, | |||
20130229922, | |||
20130230051, | |||
20130297824, | |||
20140040488, | |||
20150188814, | |||
20150229618, | |||
20150381324, | |||
20160036694, | |||
20160094444, | |||
20160105471, | |||
20160344565, | |||
20160344803, | |||
20170063927, | |||
CN101068242, | |||
CN101207604, | |||
CN101552703, | |||
CN101640629, | |||
CN101646220, | |||
CN102158371, | |||
CN102739507, | |||
CN102769679, | |||
CN103179192, | |||
CN105245469, | |||
EP1313267, | |||
GB1473898, | |||
KR1020110062994, | |||
RE44119, | Nov 05 2003 | Xylon LLC | Method and apparatus for packet transmission with configurable adaptive output scheduling |
WO2007084707, | |||
WO2007084755, | |||
WO2008043230, | |||
WO2015131537, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
May 31 2016 | 128 Technology, Inc. | (assignment on the face of the patent) | / | |||
Jun 20 2016 | MENON, ABILASH | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 039157 | /0406 | |
Jun 20 2016 | PENFIELD, ROBERT | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 039157 | /0406 | |
Jun 20 2016 | KAPLAN, HADRIEL S | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 039157 | /0406 | |
Jun 20 2016 | TIMMONS, PATRICK | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 039157 | /0406 | |
Jul 26 2022 | MENON, ABILASH | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 063144 | /0935 | |
Jul 26 2022 | TIMMONS, PATRICK | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 063144 | /0935 | |
Aug 03 2022 | PENFIELD, ROBERT | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 063144 | /0935 | |
Mar 22 2023 | KAPLAN, HADRIEL S | 128 TECHNOLOGY, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 063144 | /0935 |
Date | Maintenance Fee Events |
Feb 12 2021 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
Jul 20 2022 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Date | Maintenance Schedule |
Feb 05 2022 | 4 years fee payment window open |
Aug 05 2022 | 6 months grace period start (w surcharge) |
Feb 05 2023 | patent expiry (for year 4) |
Feb 05 2025 | 2 years to revive unintentionally abandoned end. (for year 4) |
Feb 05 2026 | 8 years fee payment window open |
Aug 05 2026 | 6 months grace period start (w surcharge) |
Feb 05 2027 | patent expiry (for year 8) |
Feb 05 2029 | 2 years to revive unintentionally abandoned end. (for year 8) |
Feb 05 2030 | 12 years fee payment window open |
Aug 05 2030 | 6 months grace period start (w surcharge) |
Feb 05 2031 | patent expiry (for year 12) |
Feb 05 2033 | 2 years to revive unintentionally abandoned end. (for year 12) |